A hacker claims to have stolen thousands of passport numbers and other pieces of personal information from the website of a Russian consular department.
The hacker, who calls himself Kapustkiy, plans to publish around a thousand records out of the 30,000 or so he allegedly obtained. The apparent target was ambru.nl, the website for the Consular Department of the Embassy of the Russian Federation in the Netherlands.
"I hacked them to let them understand a databreach," Kapustkiy claimed in a Twitter direct message. "I will dump a little bit online tomorrow."
Kapustkiy provided Motherboard with a file containing over 6,000 records, each including an email address, phone number, passport number and IP address.
Motherboard reached out to a random selection of people included in the dump. Three individuals confirmed that they had used the website. Two of those also confirmed their passport and phone numbers, although both passports were out of date. The third confirmed their phone number, but was unsure if the passport number was his.
Ambru.nl provides information for those seeking visas and Russian citizens residing in the Netherlands. The department did not respond to multiple emailed requests for comment.
Kapustkiy also claimed to have carried out the attack on behalf of a hacking group called New World Hackers. Last week, ZDNet claimed that two members of the group are college students; Kapustkiy told Motherboard he was 17 years old.
The lesson: The tricky thing with identification documents is that you can't really give a fake passport number to a body that requires it. In this case, the victims don't have many options on what they can do to mitigate any risk, but at least some of the passports will be out of date anyway.
Another day, another hack.