Lukoil.ru

In 2022 a significant data exposure affected the Lukoil bonus program in Russia. The incident involved the scraping of customer data likely due to a vulnerability on the official loyalty program website. The exposed database contained approximately 13 million records including personal details of gas station customers. The primary cause appears to be automated parsing of the web interface which allowed unauthorized actors to compile a massive list of loyalty card holders and their associated contact information.