A well-known online store in Russia, Elex.ru supplies clients with a myriad of products, everything from electronics to household appliances. The store delivers only within Russia and is accepting payments by card, although it is a Pay on Delivery (POD).
The company was founded in 1993. To date, there are 30 physical stores as well as an online platform. From the company’s site, it can be seen that they have contracts with the following companies:
On the 10th of February, on a Russian-speaking Telegram channel, also known for not only sharing but selling leaked data and hacking tools, the following content was found:
The channel has around 3k subscribers and the data was posted for free.
A claim for a breach was detected in one of the bigger underground forums, around June 2021, but was deleted shortly after it turned out the claim was false.
Over 9400 users’ information was leaked, sensitive information including full legal names, gender, D.O.B., telephone numbers, addresses
Out of only 20 preliminary accounts we’ve investigated, all 20 were confirmed to have an account on https://elex.ru/, which validates the probability of this leak being genuine.
As the site is not allowing online payment, the possibility of stealing card information about customers is eliminated. Although the following things should be considered:
- Be suspicious of emails from this company (phishing), check the authenticity of the sender
- Change your password related to this account or any accounts using a similar password.
- Be sure to use a complex password and when possible, use a VPN.
- Early detection and having the right information and team can be instrumental in mitigating damage if a breach like this occurs.