• World CyberCon India
Data Breaches Firewall Daily Main Story

Data of 44 Million Start Users leaked

‘Start’ is a subscription-based streaming service provider that offers Russian content to international users.

Data of 44 Million Start Users leaked
  • PublishedAugust 29, 2022

A database of 44 million users of the online movie app ‘Start’ was leaked online. The 7GB database consisted of the first/last name of the users, their email address, hashed password, IP addresses, country, and the start/end date of the subscription to the service.

Troy Hunt, a renowned Security researcher, discovered a channel where the compromised data was easily accessible. “Found the channel where this was posted; if you’ve seen a download link anywhere, please drop me a DM,” Hunt tweeted while sharing a translated version of the data breach.

Telegram user ‘Information Leaks’ shared the information

‘Start’ is a subscription-based streaming service provider that offers Russian content to international users. The application includes TV shows, Russian movies, and documentaries. With a wide variety of content available for its users, the platform has a diverse user base and has TV series and movies dubbed in over 20 languages.

A Telegram user, “Information Leaks,” shared the news regarding the data leak on the channel, stating that around 43,937127 accounts had been compromised. The user also shared the list of all the data, including sensitive information about the app users, like their IP address, hashed passwords, and more.

According to the information available, the data leak had a wide range of geographical coverage — including 24.6 million Start app users from Russia, 2.3 million from Kazakhstan, 2.1 million from China, and 1.7 million from Ukraine.

The leaked data that was posted on public domains have been blocked by Start. The company checked the data records from the dump using the password recovery function on the start.ru website. Post the analysis, it was found that the 44 million users were indeed signed up on the Start app, and the leak was valid. The analysis also revealed that the data dump was done after September 22, 2021.

Start confirms data leak

According to Meduza.io, which first reported the incident on its website, Start confirmed the data leak and fixed the vulnerability. Access to the leaked data was blocked, and the company claimed that the information leaked was not updated. The data was from 2021, and users may not face any issues other than the leaked email and phone numbers that hackers could use to connect to the user. Start also confirmed that the leaked data did not contain any open passwords or browsing history of users and did not include users’ bank details or financial information.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.