On the evening of May 23, information security specialist Arthur Papyan informed on Facebook that the website of the Globbing trade network had been hacked and customers’ personal data had been leaked.
“A letter was sent to the Armenian media today from a practically anonymous email address created by Protonmail, the author of which claims that the group he represents has found a vulnerability on the Globbing website a year ago about which they had informed the company in a letter several times but Globbing did not pay attention to them. According to the hackers, eventually, a year later, seeing that the vulnerability is still not eliminated, and they continue to ignore them, they decided to publish Globbing’s customer base, sending it to the Armenian media,”Arthur Papyan wrote.
Examining the leaked data, Papyan found out that they were real and they were the data available in Globbing’s databases.
In response, Globbing issued an official statement which categorically denied the rumors that its customers’ data had been leaked.
“Being a leading company, having one of the largest databases in Armenia, receiving threats and extortion attempts as well as possible hacker attacks are not unusual for us. Due to that, we have always prioritized the security of the system, which has worked and still works in its normal way, uninterruptedly and safely.
“We have examined the published materials, they contain data that have never been registered in our system, from which it can be concluded that the data may have been collected from different sources. A significant share of citizens of over 600,000 are registered in Globbing, so data overlaps are inevitable. “There is no need to worry,” Globbing wrote.
During that time, some of the Facebook users confirmed that they had found their personal data in the leaked data, that are exactly the data that they had filled in when opening an account in Globbing.
For example, user Alexey Chalabyan reported that the data of his previous identification card were written in front of his name, which he used only when opening an account in Globbing, therefore, the leaked data is from Globbing.
Fact Investigation Platform examined the leaked data and found out that some of them are really the data of Globbing subscribers.
Thus, the author of this article decided to find out based on his own data to what extent they correspond to the leaked data.
So, the identification code (ID) in the account of citizen Sevada Ghazaryan in Globbing is 467170. This number is unique, unrepeatable, i.e. it cannot be the same for other users.
In the leaked data, the same number in the Globbing account is mentioned in front of Sevada Ghazaryan’s name.
In the first picture is Sevada Ghazaryan’s account and the software codes of that page, where we can see the ID code of the given user.
The second picture is a screenshot taken from the table of leaked data, where we see the same number in front of Sevada Ghazaryan, which was in the software code of the latter’s account.
This means that the data was leaked from Globbing.
However, the name of Sevada Ghazaryan is mentioned twice in the leaked data. The thing is that he has another long-established unused account in Globbing, where other data are filled in – residence address, old passport data and another e-mail address.
In this account too, the identification code matched the identification code of Sevada Ghazaryan in the leaked data.
Here too we compare the ID code of the account with the number in the leaked table by the same principle and are convinced that in both cases the personal data was leaked from the Globbing database.
In other words, the claims that the leaked data belong to Globbing’s customers are confirmed.
And Globbing’s claim that they have 600,000 customers and the data could be from another source and just overlap with their customer data, would be logical if each customer identification number did not exactly match the Globbing identification number.
Thus, we can state that the leaked data are really the data of Globbing’s customers. And Globbing’s claims and assurances that they are data from another source and there are just some overlaps are wrong.