Cyber Incident Victim: Whoosh
Date: Nov 2022
Location: Russia
Summary
Whoosh, a Russian scooter-sharing service, suffered a data breach in which hackers stole and attempted to sell records of 7.2 million users, including email addresses, phone numbers, and first names. Partial payment card details for 1.9 million individuals and 3 million promotional codes enabling free rentals were also compromised. The company initially claimed to have thwarted the cyberattack but later acknowledged the leak while asserting that sensitive account access, transaction data, and full payment information remained secure. Law enforcement collaboration was initiated to prevent further dissemination of the stolen data. The threat actor offered the database for sale at $4,200 per buyer via a hacking forum and Telegram, linking the theft to a prior intrusion.
Description
In early November 2022, Russian scooter-sharing service Whoosh suffered a cyberattack that compromised customer data. Shortly after the incident, the company told Russian media that its IT experts had successfully thwarted the attack. However, on November 11, 2022, a threat actor listed a database containing 7.2 million Whoosh user records for sale on the 'Breached' hacking forum. The seller advertised the data as including email addresses, phone numbers, and first names of customers, along with partial payment card details for 1.9 million users and 3 million promotional codes enabling free scooter rentals. The attacker said the data would be sold to only five buyers at $4,200 each (.21490980 bitcoin) via SatoshiDisk, though no purchases had been recorded at the time of reporting. A separate Telegram sale post attributed the data theft to the November 2022 attack on Whoosh.

Whoosh confirmed the data breach on November 14, 2022, in a statement to RIA Novosti, acknowledging the leak and saying it was collaborating with law enforcement to prevent further dissemination. The company maintained that the compromised information excluded sensitive account access credentials, transaction histories, travel patterns, and full payment card details, asserting that its security protocols prevented third parties from obtaining complete banking data. The incident occurred amid heightened cybersecurity challenges in Russia, with Roskomnadzor documenting 40 confirmed corporate breaches between January and August 2022 and Group-IB reporting 140 Russian company database sales during summer 2022 alone, collectively exposing 304 million records. Whoosh's breach ranked among significant 2022 Russian data exposures alongside incidents like the Yandex Food leak, which triggered additional collateral data compromises.
