ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

CDEK Data Breach

cdek.ru
Major exposure
Unverified
Accounts exposed 19,218,203
Breach date 09 Mar 2022
Added to tracker 17 Mar 2022
Data classes 3

What happened

In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK. The data contained over 19M unique email addresses along with names and phone numbers. The authenticity of the breach could not be independently established and has been flagged as "unverified".

Exposed data

Email addresses Names Phone numbers

Recommended actions

  • Watch for targeted phishing emails referencing CDEK โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP