Leading Russian streaming platform suffers data leak allegedly impacting 44 million users

Russian streaming giant START said on Sunday that the personal information of its customers was leaked during a cyberattack. 

The company did not disclose how many users were affected by the breach but according to the Russian Telegram channel Information Leaks — which first publicized the incident and posted alleged screenshots of leaked information — the 72 GB database contains data on 44 million customers.

The leaked information includes usernames, email addresses, hashed passwords, IP addresses, users’ countries of registration, subscription start and end dates, and the last login to the service.

START, which sells films and TV shows in more than 174 countries, is one of many Russian companies that have suffered data leaks and hacks following Russia's invasion of Ukraine.

The data breach allegedly affects viewers worldwide, including 24.6 million users from Russia, 2.3 million from Kazakhstan, 2.1 million from China, and 1.7 million from Ukraine.

The hackers claimed the data came from an exposed MongoDB database program, which contained the details of users who signed up on the website until September 22 of last year.

START said it has already fixed the vulnerability and closed access to the database. “The leaked data is of little interest to attackers,” the company wrote in a statement. “The most important information there is the users' emails and phone numbers.” 

Financial information, such as credit card numbers, were not included in the database, according to START. The company is not requiring users to change passwords because they are encrypted, it said.

Only a small portion of users (less than 2%) used first and last names during registration on the website, according to Ilya Braslavskiy, the company’s Data Science Lead. “These are not mandatory fields, so there is no motivation to add them,” he wrote on Telegram.

It’s unclear who is behind the attack or what motivated it — no hacking group has yet claimed responsibility for the attack on the service. 

Earlier in July, Ukrainian hacktivists from the IT Army hit about 80 Russian cinemas with distributed denial-of-service (DDoS) attacks, which flood victims with junk traffic to make their websites unreachable. 

In March, Anonymous hacktivists breached the Russian streaming services Wink and Ivi and broadcasted real footage from the war in Ukraine.

Ukrainian streaming services suffer from Russia’s cyberattacks as well. In June, for instance, pro-Russia hackers attacked the Ukrainian streaming service Oll.tv and replaced the broadcast of a football match with Russian propaganda.

Other popular streaming services, including Megogo and Sweet.tv, said they were mostly hit by DDoS attacks without significant impact.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.