
Data leaks in Russia have seen a significant decline in the first quarter of 2025, according to a report by DLBI, a vulnerability and data leak intelligence service. The analysis reveals a 5.5x reduction in leaks compared to the same period in 2024, with only 37 incidents recorded. However, the report also highlights a concerning trend: probing bots are aggressively purchasing and consolidating leaked data, driving demand for compromised information on darknet markets.
Key Findings: Decline in Leak Volumes
DLBI’s research shows that Q1 2025 saw 21.5 million unique phone numbers and 17 million email addresses exposed, a sharp drop from the 157 million phone numbers and 60 million emails leaked in Q1 2024 [1]. The logistics sector emerged as the most affected, accounting for the majority of breaches, followed by information services (4.5%) and entertainment platforms (3%) [2]. This contrasts with 2024, where financial institutions and e-commerce dominated leak volumes.
Probing Bots and Darknet Market Dynamics
Despite the decline in leaks, probing bots (automated tools designed to aggregate and validate stolen data) have intensified their activity. Darknet forums now feature exclusive offers for newly leaked databases, with some listings priced above $10,000 [3]. These bots cross-reference data from multiple breaches, creating enriched profiles that are more valuable to attackers. Ashot Oganesyan, DLBI’s founder, notes that many leaks from late 2024 only appeared on darknet markets in early 2025, suggesting a 3–6 month delay in public reporting [4].
Regulatory Impact and Future Projections
New legislation under Article 272.1 of the Russian Criminal Code has criminalized unauthorized data trading, leading to the shutdown of 40% of probing platforms by April 2025 [5]. However, DLBI warns that leak volumes could double or triple by late 2025 due to pent-up demand and delayed disclosures. The logistics sector’s vulnerabilities may also be linked to a 30% drop in freight volumes, as economic strain often correlates with weaker security practices [6].
Relevance to Security Professionals
For security teams, the rise of probing bots underscores the need for enhanced monitoring of darknet markets and delayed leak disclosures. Organizations in high-risk sectors, such as logistics and finance, should prioritize:
- Regular audits of third-party vendor security.
- Multi-factor authentication (MFA) enforcement for sensitive systems.
- Darknet monitoring services to detect early signs of data exposure.
DLBI’s findings suggest that while regulatory measures have disrupted some illicit activities, the adaptive nature of probing bots means that leaked data remains a persistent threat. Proactive defense strategies, including threat intelligence sharing and automated breach detection, will be critical in mitigating risks.
Conclusion
The decline in Russian data leaks is a positive trend, but the aggressive tactics of probing bots reveal an evolving threat landscape. Security teams must remain vigilant, particularly as delayed leak reporting and economic pressures create new vulnerabilities. Continuous monitoring and adaptive defense measures will be essential to counter these challenges.
References
- “DLBI: Volume of leaks in Russia has decreased,” CNews, 2025.
- “Probing bots have driven up demand for new data leaks,” RTVI, 2025.
- “Probing bots have begun buying up Russians' data en masse,” Izvestia, 2025.
- “New laws and data leak trends,” Kommersant, 2025.
- “Freight volume in Russia has fallen by a third,” 5koleso.ru, 2025.
- “Global Data Aggregation Trends,” ITRN, 2025.