- Russian citizens who registered on a Navalny-backed platform have had their personal data stolen and leaked.
- The Moscow police responded to the leak immediately and are already visiting the homes of exposed members.
- This is a catastrophe for the opposition movement in Russia as isolated persons are now facing shattering intimidation.
About 2.2 million email addresses, home addresses, and names provided to the “Умное голосование” (Smart Voting) platform have been leaked, irreversibly exposing the identity of Navalny’s supporters. Unfortunately, according to local media reports, the Moscow police has already visited hundreds coercing them into signing statements of personal data theft by Alexei Navalny himself. Those who refuse are threatened with additional actions for offering financial support to the currently detained politician who is recognized by Amnesty International as a prisoner of conscience.
The data leak appeared on the Telegram channel “Data1eaks” where the hackers accused the FBK, a Russian non-profit organization established by Navalny with the purpose to fight corruption in the country, of holding people’s personal details without permission. “Smart Voting,” the platform that required the email addresses for registration, is a tactical voting strategy project aimed at depriving the nominees of Putin’s political party of votes in regional and federal elections, targeting their fixed monopoly in the country. FBK is the entity behind the Smart Voting project, and it already achieved an improvement of 5.6% in the 2019 Moscow City Duma elections for opposition representatives.
As such, this appears like an attack orchestrated and carried out by state-supported actors who were looking to dismantle the project, expose the members, intimidate them, and stop the movement from getting stronger and more influential. Navalny is such a taboo topic in Russia that the authorities have even throttled Twitter for not removing pro-Navalny posts from the platform quickly enough.
Even if the exposed people will not face any legal repercussions, they will have trouble with their employment - as most of them subscribed to the FBK platform before Navalny was officially accused of extremity and a threat to the country’s national security. All large organizations and public entities in Russia check their job applicants through the database of the Security Council, even though this is an unofficial process and takes place secretly.
Notably, the initial compromise of the “Smart Voting” database may have happened almost a month ago, as a link offering a smaller part (191,500 email addresses) appeared on the '2ch' forum on July 21, 2021. The user who posted it used the nickname “grumpysugar” and talked about various security holes plaguing the site that allowed the exfiltration of the databases of all Russian cities. This latest leak appears to be a compilation of precisely that.