
Cyber Incident Victim: Russian Media Streaming Platform

Date: Sep 2021

Location: Russia

Summary

A Russian media streaming platform suffered a data breach where attackers exfiltrated a database containing user email addresses, phone numbers, and usernames. While the platform claimed financial data and passwords were unaffected, the leaked dump reportedly included MD5-hashed passwords, IP addresses, login logs, and subscription details. Approximately 7.5 million unique users were impacted, with the stolen records originating from a database snapshot prior to recent registrations. The company addressed the vulnerability and advised password resets despite initially downplaying the breach's severity. Discrepancies emerged between the platform's public statements and the actual contents of the leaked data circulating online.


Description

On August 30, 2022, Russian media streaming platform START confirmed a data breach stemming from unauthorized access to its systems, which resulted in the theft of a user database from 2021. The platform’s administrators disclosed that attackers exfiltrated the database and subsequently distributed samples online. The compromised data included email addresses, phone numbers, and usernames, though START asserted the information lacked utility for account takeover attempts. Initial rumors of the breach emerged on August 28, 2022, when a 72GB MongoDB JSON dump purportedly containing records of nearly 44 million users circulated on a social network. Analysis revealed only 7,455,926 unique email addresses within the dump, indicating approximately 7.5 million legitimate users were affected. Records in the leaked database were dated as recently as September 22, 2021, limiting exposure to users who registered prior to that date. START claimed financial data, bank card details, browsing history, and passwords remained unaffected, as these were not stored in the compromised database.


Contradictions arose between START’s public statements and the contents of the leaked data. Independent verification by Russian news outlet Meduza confirmed the validity of leaked credentials through START’s password recovery tool. The dump also contained MD5crypt-hashed passwords, IP addresses, login logs, and subscription details, all of which were omitted from the platform’s official breach notification. START reported addressing the vulnerability and securing its data systems, though it did not mandate a global password reset for users. The company advised users to proactively change passwords despite characterizing the stolen data as low-risk. The incident highlighted discrepancies in transparency regarding the scope of exposed information and raised concerns about the platform’s initial assessment of the breach’s severity.
