DeviceLock, a Russian manufacturer of anti-data leakage systems, reported that the number of complaints about attempts to hack accounts on Public Services has increased.
"Also an increase in offers to sell accounts has been noted in darknet and on closed forums, with their cost dropping from $1.35 at the beginning of the year to $0.40 for new accounts and to $0.05 for used accounts," said Yuri Tomashko, CEO of DeviceLock DLP.
According to him, the stolen accounts can be used by fraudsters to apply for online loans and register with bookmakers.
"In addition, criminals can apply for tax deductions and subsidies on behalf of the account owner through a personal account on Gosuslugi, and almost always in such cases fake documents are provided," said Mr. Tomashko.
"Security should be provided by the administrators of the Gosuslugi website. There was already an attempt to hack, then the database of those who had already been vaccinated against the coronavirus was leaked. But if such a problem has started again now, then users can only contact the site administrators," said Alexander Vlasov, an expert in the field of information security.
Another expert Alexander Baranov believes that users of the website Gosuslugi are unable to influence the security of their accounts. In his opinion, the security system on Public Service has a drawback, it's the one-factor authorization.
The expert suggests introducing two-factor authentication on the site to improve security. However, according to him, it is not so easy to do: to change the system it will be necessary to re-register all the users of the portal again, and there are already about 60 million registered citizens of the Russian Federation.
Earlier, E Hacking News reported that experts warned about the risk of hacking and obtaining a loan on the Public Services Portal of the Russian Federation.