Metropolis

In February 2022 a SQL dump containing the database of the Moscow Metropolis shopping center mobile application was leaked on a darknet forum. The breach exposed the personal details of approximately 86 thousand customers registered within the Metropolis-center.ru digital ecosystem. The compromised data includes sensitive user information such as full names, mobile phone numbers, and email addresses. Additionally, the leak contained links to social media profiles and user passwords secured with the BCRYPT hashing algorithm. The incident highlights vulnerabilities in retail loyalty applications and the persistent interest of threat actors in consumer databases for phishing and credential stuffing attacks.