FreeNavalny

A database containing information on individuals who registered for a rally on the Free Navalny website was compromised. The leak occurred between March 23 and April 1 2021 when unauthorized actors gained access to the notification newsletter service API. This breach was facilitated using a valid API key previously belonging to a former employee of the Anti-Corruption Foundation. The incident resulted in the exposure of data for approximately 530000 registered users. Security researchers confirmed that the primary method of extraction was data scraping through the vulnerable mailer integration used by the organization to coordinate supporters.