The gray market for corporate data is changing: fewer and fewer databases are becoming publicly available. Some leaks are being bought out by "probing" services, closed intermediaries, and Telegram bot operators, while old databases are being repackaged into detailed customer profiles.
Experts call this market a full-fledged ecosystem where data has become a liquid commodity. Buyers are offered not just a file with information, but a ready-made service: database selection, various payment methods, support, and further resale.
Among the sellers are hacker groups, resellers, bot operators, and insiders within companies. According to experts, a significant portion of the offers comes from employees who have legal access to internal systems: call center operators, customer service managers, and technical personnel.
The highest demand remains for personal data: full name, phone numbers, email, addresses, passport details, SNILS, INN, financial information, and credentials. Databases from retail, marketplaces, the public sector, financial organizations, logistics, and delivery are especially in demand.
The market is also moving towards "enriched" profiles, where information from different sources is combined into one person's card. For example, delivery data can be supplemented with banking information and contacts.
According to F6, 250 new public leaks from companies in Russia and the CIS were recorded in 2025, compared to 455 a year earlier. However, the volume of records with data of Russians exceeded 767 million lines. At the same time, some major leaks do not appear publicly at all: according to DLBI's estimates, at least 40 significant databases were bought out by Telegram bot owners.
Experts believe that the market is not shrinking, but going deeper into the shadows. For companies, this means a new risk: not only the leak itself is dangerous, but also the subsequent life of the data, which can be resold, combined, and reused for years.