A database of Russians who purchased fake coronavirus vaccine certificates has leaked online, the Kommersant business daily reported Friday, with experts warning that the buyers are now at risk of both blackmail and jail time.
With vaccine skepticism rampant, many Russians have turned to the black market to purchase counterfeit QR code passes that prove one's vaccination or negative Covid-19 status. Nearly every Russian region now requires the passes in order to access public areas and events amid a record-breaking fourth wave of the pandemic.
The issue gained further urgency as lawmakers announced plans Thursday to mandate the QR codes nationwide and the Kremlin warned that these and other restrictions will only be lifted after the end of the coronavirus pandemic.
According to Kommersant, the names, phone numbers and addresses of 500,000 fake QR code buyers from the Moscow region appeared on the encrypted Telegram messaging app. The data can reportedly be purchased for up to 40 rubles ($0.55) per person.
IT experts told the publication they believe the QR code sellers themselves may have leaked the data to blackmail the buyers into paying for their removal from the database.
“Given that the use of fake QR codes has been proposed to become criminally punishable, this could turn into a new gold mine for fraudsters,” said Ashot Oganesyan, founder of the Data Leakage & Breach Intelligence service that tracks online leaks.
“It’s no surprise that scammers are trying to make money by selling their customers’ data,” Oganesyan was quoted as saying.
Those found guilty of buying a fake QR code risk going to jail for up to one year in Russia. Those implicated in making and selling the fake certificates face up to two years in prison.
“It’s naive to believe that the hackers will be attentive to your personal data if you sought illegal services,” Alexander Dvoryansky, head of strategic communications at the Infosecurity threat detection service, told Kommersant.
News of the data breach follows widespread reports that Russian lawmakers plan to legally require QR codes, a scannable barcode system, to enter stores, cafes and public transportation.
The Kremlin said Thursday that authorities will lift QR code requirements and other curbs imposed to slow the spread of Covid-19 once the pandemic ends.
Russian public health officials forecast this week that the country would come out of the pandemic by 2022, with stubbornly low vaccination levels wrecking the Kremlin’s initial target of reaching herd immunity this year.
