A data breach involving 7.5 million subscribers has been confirmed by a Russian streaming provider ‘START’

‘START’ (start.ru), a Russian media streaming platform, has confirmed rumors of a data breach affecting millions of users. Network intruders stole a 2021 database from the platform’s infrastructure and are currently sharing samples online, according to the platform’s administrators.

Email addresses, phone numbers, and usernames were all stolen from the database. START considers it uninteresting to most cybercriminals because it cannot be utilized to take over accounts. Financial information, bank card information, browsing history, or user passwords were not affected because they were not stored in the database. START does not require a global reset, although it is suggested that all users change their passwords.

The first reports of a START data breach surfaced on Sunday, August 28, when a 72GB MongoDB JSON dump containing information from around 44 million members began to circulate on a social network.

Many of these entries are related to test accounts. The dump, on the other hand, comprises 7,455,926 unique email addresses, which is most likely close to the actual number of exposed people. Because the records are as recent as September 22, 2021, this occurrence has no bearing on anyone who enrolled with the site after that date.

The difference between START’s announcement and the leaked dump is that the latter contains md5crypt-hashed passwords, IP addresses, login logs, and subscription details that are not contained in the platform’s official statement.