Whoosh Data Breach – Instant Data Mobility to Hacking Forums

Cybercriminals have been targeting big companies for a long time now. However, in 2022, Russia seems to be hogging the spotlight with over 40 confirmed Russian company data breaches. Well, 41 it is as the Russian scooter-sharing service Whoosh has recently suffered a huge attack.

One of the many victims in Russia was none other than the popular streaming channel start.ru – it had millions of subscribers that were caught in the crossfire.

Whoosh is no different as it also has millions of customers and 7.3 of them got their data exposed in this breach. How did this happen and how is Whoosh handling things? Find out in the following article.

Whoosh Data Breach – A Malicious Data Transport

Threat actors are not just sitting around using their old tools to get what they want. Instead, they’re developing their techniques to ensure high success breaching rates. Unfortunately, they’re pulling it off.

Whoosh has been around for quite some time now – it now boasts over 75,000 scooters and millions of customers. When a company of such caliber gets breached, you’d automatically know that the impact is huge.

Whoosh confirmed the breach after the threat actor behind it started selling the stolen database containing the details of 7.2 million customers on a hacking forum.

The database includes sensitive information such as promotion codes (Allow access to the service for free) and user identification and payment card data.

As seen in the image above, the attacker claims to be providing crucial data belonging to 7+ million users. The identifying information comes in the form of email addresses, phone numbers, and first names.

However, the partial payment card details only affect a subset of 1,900,000 users. That softens the blow a bit, don’t you think? As for the promo codes – the attacker posted 3,000,000 of them. These can be used to rent Whoosh scooters without spending a single dime.

The seller is providing the data for 5 people only. The price presented on the forum is $4,200 each. However, according to the SatoshiDisk platform, which the attacker is using for the transaction, no purchases have been made so far.

As we mentioned, Russia’s been suffering a lot of attacks lately. Anyone who’s a customer of Woosh should be very careful as potential phishing attacks might occur.

Don’t forget, emails and first names were exposed. So far, no entity has purchased the database. But you never know what might happen in the near future.

Another Breach in Russia – Data’s Whooshing Everywhere

Cyber attacks have reached a new high in 2022. Everyone who uses the internet should be very vigilant when submitting personally identifying information.

As seen above, even the biggest companies are getting breached, which means that any single individual is at risk. Protect yourself and keep your personal information, well, personal.