Russia is scrambling to rein in the country’s sprawling illicit market for leaked personal data, a shadowy ecosystem long exploited by investigative journalists, police and criminal groups.
For more than a decade, Russia’s so-called probiv market – a term derived from the verb “to pierce” or “to punch into a search bar” – has operated as a parallel information economy built on a network of corrupt officials, traffic police, bank employees and low-level security staff willing to sell access to restricted government or corporate databases.
While leaked databases exist everywhere, the scale and routine use of probiv is uniquely Russian. It grew out of the country’s deeply corrupt state infrastructure and became indispensable both to those seeking to exploit the system and to those trying to expose it.
For a modest fee – sometimes as little as $10 – buyers can obtain passport numbers, home addresses, travel histories, car registrations and internal police records. At the higher end, entire dossiers could be purchased on individuals, including metadata on calls and movements.
Probiv, whose use remains controversial among Russian journalists, have underpinned high-profile investigations, including tracing the FSB state security unit behind the poisoning of Alexei Navalny.
It also served the police and security services themselves, who routinely used the black market to track activists, opposition figures and anyone who fell outside the state’s favour.
“It is one of the paradoxes of modern Russia: on the one hand, these services are illegal and rely on leaked data, yet on the other, they are far more convenient for day-to-day police work than the multitude of official departmental databases,” said Andrei Zakharov, an investigative journalist who recently published a book on probiv.
But as the war in Ukraine stretched into its fourth year, the Kremlin began to view probiv less as a tolerated convenience and more as a threat.
Phone scam syndicates were using leaked data on an industrial scale, while Ukrainian intelligence had learned to exploit the country’s porous information landscape to identify and assassinate military officials inside Russia.
During his annual phone-in with the nation last year, President Vladimir Putin himself admitted that a close friend had fallen victim to a phone scam.
That incident, said Zakharov, was the signal for security services to start closing down on the probiv market. Over the past year, Putin has signed laws tightening penalties for data leaks, imposing up to 10 years in prison for accessing or distributing such information.
The security services have also begun an aggressive hunt for probiv operators, detaining several brokers and targeting the infrastructure they rely on. Among the most high-profile arrests was of the team behind Usersbox, one of the widest-used and cheapest services.
But the Kremlin’s war on probiv appears to have had the opposite effect, Zakharov said. Many of the leading probiv operators and brokers have moved their businesses abroad where they are far less constrained by informal deals with the security services or fear of immediate arrest.
“Before, they still worked with the security services, or would think twice before releasing something extremely sensitive. Now all their brakes are off,” Zakharov said. “They’re dumping one sensitive leak after another.”
He cited last year’s massive FSB database known as Kordon-2023, which was leaked online, containing details of people who had crossed Russia’s borders between 2014 and 2023. Zakharov described it as one of the largest and most consequential leaks to date.
Well-known services such as Himera, which had been known to cooperate with the authorities, have changed course: the group said it had cut off law-enforcement access and relocated all its staff.
Ukrainian hackers have joined in. Since Russia’s full-scale invasion, pro-Ukrainian hackers and other intelligence groups have repeatedly breached Russian state and commercial systems, stealing data and releasing it openly – often for free, and largely for ideological reasons.
Last year, the Ukrainian hacker group KibOrg published online a database belonging to clients of Alfa Bank, Russia’s largest private commercial bank.
The leak allegedly contained personal data on roughly 24 million individuals and more than 13m organisations.
“Taken together,” Zakharov said, “it has never been easier to find private Russian data on the market.”
The best public interest journalism relies on first-hand accounts from people in the know.
If you have something to share on this subject, you can contact us confidentially using the following methods.
Secure Messaging in the Guardian app
The Guardian app has a tool to send tips about stories. Messages are end to end encrypted and concealed within the routine activity that every Guardian mobile app performs. This prevents an observer from knowing that you are communicating with us at all, let alone what is being said.
If you don't already have the Guardian app, download it (iOS/Android) and go to the menu. Select ‘Secure Messaging’.
SecureDrop, instant messengers, email, telephone and post
If you can safely use the Tor network without being observed or monitored, you can send messages and documents to the Guardian via our SecureDrop platform.
Finally, our guide at theguardian.com/tips lists several ways to contact us securely, and discusses the pros and cons of each.
