Information security specialists have reported that hackers from the UHG group have published the data of Citylab users in the public domain. According to the In2security Telegram channel, the hackers have claimed to have stolen 14TB of the company’s internal data.
Data Leakage & Breach Intelligence (DLBI) researchers have stated that they have studied several text dumps containing personal data of users, including login, full name, email address (483,000 unique addresses), telephone numbers (435,000 unique numbers), hashed passwords, gender (not for everyone), date of birth (not for everyone), and registration dates (from January 01, 2007 to May 18, 2023).
In addition, experts have reported that 1.7 TB of data with scanned results of analyses and studies, contracts, and checks in PDF files are now available in the public domain.
A random check of random email addresses through the password recovery form on the site my.citilab.ru/client/ has revealed that the data is valid.
Previously, the UHG group had announced the hacking of the service for selling tickets to various city events, kassy[.]ru.
