Megafail: Russian Mobile Operator Leaks Users’ SMS Histories.

News of the day: SMS histories of subscribers of Megafon, one of the largest Russian mobile operators with a 57 million+ user database, have been leaked. Thousands of messages are now available online, causing a major nationwide scandal. Another company that may have been involved in the scandal is Yandex, the largest national search engine, which may have indexed either some classified stored items or SMS messages sent from users’ computers. Update: Yandex has already removed the link to the leaked SMS histories from their search queries.

The real causes of this epic fail are “still unknown and currently under investigation”. At least, this is what Megafon and Yandex officials are saying at the mo. Can’t wait for the whole picture!

We think the following may have caused the incident:

  • An incorrectly configured Megafon website, which allowed Yandex crawlers to index unprotected internal stored items. However, Google doesn’t have the same data in its search results, which makes us doubt this scenario. And I can’t imagine that Yandex crawlers are smart (or stupid) enough to brute-force webpages;
  • Access to the webpages with the SMS messages and their indexation was made possible by Megafon subscribers using the Yandex.Bar plug-in in their browsers; or
  • The Yandex.Metrika tool on the Megafon website was installed incorrectly, which caused classified data to be available for indexation.

It’s hard to say who is at fault in this issue (let’s see what the official results say). However, this is a major breach of the Russian Federal Law on Personal Data Protection and a bunch of other state regulations, which may mean the offending party will face legal prosecution and substantial penalties.

Update: Yandex officials have said Megafon admins deleted the robots.txt file, which exposed the web page with the online SMS service to web crawlers. Amazing…
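To show what the update above means in practice, here is an added example (mine, not code from this post, from Megafon or from Yandex): a toy request handler models a page "protected" only by a robots.txt Disallow beside a hardened one that checks a session, and a defender-side check that asks the only question that matters. The paths, session token and messages are constructed, and an empty robots.txt string stands in for the deleted file.

```python
import urllib.robotparser

# Constructed robots.txt: the only thing keeping crawlers away from the SMS pages.
ROBOTS_TXT = "User-agent: *\nDisallow: /sms/\n"

# Constructed data: an SMS history reachable at an opaque-looking path,
# and the session token that should be required to read it.
SMS_STORE = {"/sms/view/abc123": ["hello from +7 900 000 0000", "your code is 4411"]}
VALID_SESSIONS = {"s3cr3t-session": "/sms/view/abc123"}  # token -> page it may read


def crawler_allowed(path, robots_txt=ROBOTS_TXT, agent="YandexBot"):
    """What a well-behaved crawler decides for `path`. Advisory only: nothing on
    the server enforces it, and an empty string models a deleted robots.txt."""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, "https://example.invalid" + path)


def weak_handler(path, cookies):
    """Weak setup: any request for a known SMS page gets the messages."""
    if path in SMS_STORE:
        return 200, {}, SMS_STORE[path]
    return 404, {}, None


def hardened_handler(path, cookies):
    """Hardened setup: a valid session must be bound to exactly this page, and
    the response tells indexers and caches to keep out regardless of robots.txt."""
    headers = {"X-Robots-Tag": "noindex, nofollow", "Cache-Control": "private, no-store"}
    owner_path = VALID_SESSIONS.get(cookies.get("session"))
    if owner_path is None:
        return 401, headers, None           # no or unknown session: not authenticated
    if owner_path != path:
        return 403, headers, None           # someone else's history: forbidden
    return 200, headers, SMS_STORE.get(path)


def exposed_without_robots(handler, path):
    """Defender check: does an anonymous fetch (what any crawler does once
    robots.txt is gone) get the data? robots.txt plays no part in the answer."""
    status, _, body = handler(path, {})
    return status == 200 and body is not None
```

With the Disallow in place a polite crawler stays out of either handler, but only the hardened one still refuses an anonymous request once the file is gone.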

16 Responses to “Megafail: Russian Mobile Operator Leaks Users’ SMS Histories.”

  1. Eugene, unlikely to be a breach in the Federal Law for Personal Data Protection – it protects only User identity – in this case only phone numbers were visible, which are out of the scope.
    But no question Megafon sustained a breach in user confidence and trust here.

  2. “Yandex officials have said Megafon admins deleted the robots.txt exposing the web page with the online SMS service to web crawlers. Amazing…”

    So — just so I get it right: The only defence against massive download of text message data was a robots.txt file? Yeah, they really thought their security system through, I daresay. ;)

  3. I don’t disagree with this post!

  4. I used to have Norton 360. It would ask if you wanted them to remember your passwords & other online information, and automatically fill them in for you if you ever used the same site again. Does Kaspersky 2010 Internet Security have this feature? What do they have? And how do you use it?

  5. Hi there, I read your blog from time to time
    and I own a similar one and I was just curious if you get a lot of spam responses?
    If so how do you stop it, any plugin or anything you can advise?
    I get so much lately it’s driving me crazy so any help is very much appreciated.

Trackbacks/Pingbacks

  1. MegaFon Leaks Confidential SMS Messages - July 19, 2011

    […] that may cause the offensive party to face a legal prosecution and substantial penalties,” commented Eugene Kaspersky, co-founder and CEO of Russian security vendor Kaspersky […]

  2. Data Leak at Russian Provider: 8,000 SMS Messages Viewable Online - NETZWELT - July 20, 2011

    […] report by Kaspersky (source) […]

  3. Hacking, and Arresting, and Suing, and Legislation! Oh my! | Game & Tech :: Latest Game And Tech News from all Around The World - July 22, 2011

    […] for having indexed the information, but that is what the company is supposed to do. According to Eugene Kaspersky’s blog the problem was caused by a Megafon administrator who deleted the robots.txt file which then […]

  4. Worse than Cheese: Scary Scenarios Causing Nightmares Now – the Five Main Issues of IT Security. | Nota Bene - July 3, 2012

    […] slant on the privacy issue cropped up not so long ago when thousands of leaked text messages of the Russian cell provider Megafon became viewable via the Yandex search engine. Imagine that! […]

  5. More Annoying than the Smell of Gorgonzola: Dangerous Scenarios Can Cause Nightmares. The Five Main Cases of IT Security. | Nota Bene - September 17, 2012

    […] another big blow to privacy happened not long ago when the SMS messages sent via the telephone company Megafon became visible inside the search engine […]

  6. Worse than the Smell of Cheese: And Now, the Frightening Scenarios That Cause Nightmares – the Five Main Questions of IT Security. | Nota Bene - September 17, 2012

    […] slant on the privacy question surfaced not so long ago following the leak of thousands of SMS messages from the Russian telephone provider Megafon, which became visible via the search engine […]

  7. Cases and Scary Stories That Cause Nightmares – the Five Main Issues of IT Security | Nota Bene - September 17, 2012

    […] not long ago, when hundreds of SMS messages from the Russian telecoms company Megafon were available for viewing via the Yandex search engine. Imagine […]

  8. Top IT Security Threats | Eugene Kaspersky - November 7, 2012

    […] slant on the privacy issue cropped up not so long ago when thousands of leaked text messages of the Russian cell provider Megafon became viewable via the Yandex search engine. Imagine that! […]

  9. Hacking, and Arresting, and Suing, and Legislation! Oh my! | SecurityProNews - November 21, 2012

    […] for having indexed the information, but that is what the company is supposed to do. According to Eugene Kaspersky’s blog the problem was caused by a Megafon administrator who deleted the robots.txt file which then […]
