Russia is currently scrambling to rein in the country’s sprawling illicit market for leaked personal data, a shadowy ecosystem long exploited by investigative journalists, police, and criminal groups. However, the Kremlin’s crackdown appears to be causing unintended consequences, pushing brokers out of state control and flooding the internet with sensitive information.
Why it matters
For more than a decade, Russia’s so-called probiv market—a term derived from the verb “to pierce” or “to punch into a search bar”—has operated as a parallel information economy. It is built on a network of corrupt officials, traffic police, bank employees, and low-level security staff willing to sell access to restricted government or corporate databases.
While leaked databases exist everywhere, the scale and routine use of probiv is uniquely Russian. It grew out of the country’s deeply corrupt state infrastructure and became indispensable both to those seeking to exploit the system and to those trying to expose it.
For a modest fee—sometimes as little as $10—buyers can obtain passport numbers, home addresses, travel histories, car registrations, and internal police records. At the higher end, entire dossiers could be purchased on individuals, including metadata on calls and movements. This market has underpinned high-profile investigations, including tracing the FSB state security unit behind the poisoning of Alexei Navalny.
What to know
As the war in Ukraine stretched into its fourth year, the Kremlin began to view probiv less as a tolerated convenience and more as a threat. Phone scam syndicates were using leaked data on an industrial scale, while Ukrainian intelligence had learned to exploit the country’s porous information landscape to identify and assassinate military officials inside Russia.
According to investigative journalist Andrei Zakharov, a turning point came during President Vladimir Putin’s annual phone-in last year, where he admitted that a close friend had fallen victim to a phone scam. That incident signaled security services to start closing down the market. Putin has since signed laws tightening penalties for data leaks, imposing up to 10 years in prison for accessing or distributing such information.
Security services have begun an aggressive hunt for probiv operators, detaining several brokers and targeting the infrastructure they rely on. Among the most high-profile arrests was the team behind Usersbox, one of the widest-used and cheapest services.
However, sources indicate the crackdown has backfired. Many leading probiv operators have moved their businesses abroad, where they are no longer constrained by informal deals with security services or fear of immediate arrest. This has led to massive data dumps, such as the Kordon-2023 leak, which contained details of people crossing Russia’s borders between 2014 and 2023.
What people are saying
“It is one of the paradoxes of modern Russia: on the one hand, these services are illegal and rely on leaked data, yet on the other, they are far more convenient for day-to-day police work than the multitude of official departmental databases,” said Andrei Zakharov, who recently published a book on the subject.
Regarding the current state of the market, Zakharov noted that the relationship between brokers and the state has fundamentally shifted. “Before, they still worked with the security services, or would think twice before releasing something extremely sensitive. Now all their brakes are off,” Zakharov told The Guardian. “They’re dumping one sensitive leak after another.”
“Taken together,” Zakharov added, “it has never been easier to find private Russian data on the market.”
What happens next
The market is likely to become more chaotic and less regulated by the state’s informal influence. Well-known services such as Himera, which had previously cooperated with authorities, have reportedly cut off law-enforcement access and relocated staff.
Furthermore, the conflict has introduced ideological actors into the ecosystem. Since Russia’s full-scale invasion, pro-Ukrainian hackers have repeatedly breached Russian systems. Last year, the group KibOrg published a database belonging to clients of Alfa Bank, allegedly containing personal data on roughly 24 million individuals. As these groups continue to operate outside Russian jurisdiction, the volume of sensitive data available to the public—and foreign intelligence services—is expected to grow.
