In the first half of 2026, significantly fewer new databases with personal data leaked from Russian companies and organizations appeared in the public domain. Smart Business Alert found 54 such sets totaling 24.3 million entries — four times fewer in quantity and 22 times less in volume than a year earlier. At the same time, the number of advertisements for selling stolen information increased by almost 60% — to 38.1 thousand.

F6 saw a similar picture. The company recorded 88 new publications compared to 162 a year earlier, and their total volume decreased by 43% — to 114 million entries. Full names, phone numbers, addresses, passwords, dates of birth, email addresses, and passport data were exposed online.

This is enough for fraudsters to know where a person made purchases or studied, address them by name, and devise more convincing deception scenarios. Retail, online stores, educational organizations, loyalty programs, and the public sector are most frequently targeted.

Experts warn: there are fewer open publications, but not necessarily fewer hacks. Fresh data may be immediately bought out by bot owners who specialize in data retrieval, while old databases are combined and resold as new. Their cost on the dark market ranges from $50 to $10–20 thousand.

Read more on the topic: