‘Too much is slipping through’ Russia’s crackdown on leaked data complicates life for criminals, anti‑corruption activists, and private snoops
In early 2021, just over a year before Moscow launched its full-scale invasion of Ukraine, prominent American journalist Ben Smith called Russia “the most exciting place in the world for investigative journalism.” Few would give the country that label today, though one of the very factors he cited — “probiv,” or the purchase of leaked personal data on the black market — still exists. Today, this underground marketplace is under growing pressure. As the Russian authorities crack down on data leaks, prices for stolen information are soaring, and the risks of both sharing and obtaining it are higher than ever. The independent outlet Verstka recently published a deep dive into the current state of the probiv market. Meduza shares a translation of the report.
After a record number of data leaks in 2024, the Russian authorities have ramped up their crackdown on the disclosure of classified information. Security agencies have begun targeting their own employees, the Interior Ministry is reporting record numbers of leak-related felony cases, and lawmakers are tightening the Criminal Code. Against this backdrop, the number of people involved in probiv — the black-market trade in leaked personal data like phone or travel records — is shrinking, while prices continue to climb.
On July 22, security forces raided the office of the Telegram channel Baza. Earlier that month, they issued an arrest warrant for journalist Alexander Atasuntsev. In June, police raided and detained staff at the newsroom of Ura.ru. In each case, according to media reports, the investigations were triggered by journalists’ use of confidential data from the Interior Ministry and the FSB.
The Russian authorities have also filed felony charges against law enforcement officers themselves. The raid on Baza and the arrests of its staff were part of a case against police officers from three Russian regions. According to the country’s Investigative Committee, the officers were involved in “the unlawful transfer of restricted-access information,” which was “subsequently published on a Telegram channel.”
After news broke of the case against Atasuntsev, it was reported that seven people had been detained in connection with the sale of database access. Mediazona found that among those arrested were individuals whose names matched employees at the Interior Ministry’s data center. Before the raids on Ura.ru, a police officer was arrested and testified to having sold internal daily bulletins intended for ministry staff to the outlet.
Skyrocketing costs
Users on dark web forums that trade in restricted data, including government records, say the crackdown has made the business riskier than ever. “They’re tightening the screws,” one user told Verstka. “It’s tough out there right now,” said another.
According to one forum member, the push for harsher penalties began years ago and is still ongoing. As a result, fewer employees at state agencies and private firms are willing to sell confidential data, and prices continue to rise.
One of the most in-demand services is “mobile probiv,” or information tied to a phone number. Over the past three years, prices in this category have surged. In 2022, basic subscriber details could be purchased for 1,300–4,000 rubles ($15–50), and a month’s worth of call and message logs went for up to 30,000 rubles ($365). Now, basic info starts at 8,500 rubles ($100), while full logs for the same period can fetch up to 150,000 ($1,800).
“Hardly anyone is willing to take the risk for peanuts anymore,” the source added, explaining the sharp price increase for his services.
Government-related data has seen even steeper increases. In 2022, passport information cost about 1,400 rubles ($17). By 2025, the price had risen to 9,500 ($115), with some sellers asking up to 23,000 ($280). Access to FSB border-crossing records, which once cost 2,500 rubles ($30), now goes for as much as 33,000 ($400), according to Verstka’s sources.
In less sensitive categories, price hikes have been more modest. For example, tracking a company’s financial transactions cost about 4,500 rubles in 2022 ($54); today, the starting price is 6,500 (80). A property ownership report from the Unified State Register of Real Estate (EGRN) rose just 500 rubles, from 2,000 to 2,500 ($25 to $30), over three years.
Tougher penalties
In response to the 2024 data leaks, lawmakers introduced a new provision to the Criminal Code: Article 272, which carries up to 10 years in prison for the unlawful use, transfer, collection, or storage of personal computer data. In February, police raided the team behind the Telegram bot Glaz Boga (“Eye of God”) as part of an investigation under the new article. The service shut down soon after. In July, a Moscow court used the same statute to place seven people accused of trafficking in databases under pretrial detention or house arrest.
Sarkis Darbinyan, an attorney and the co-founder of the Internet freedom project Roskomsvoboda, told Verstka that the harsher penalties, growing number of probiv-related cases, and prosecution of journalists and officials are part of a broader response to investigative reporting on public figures and military personnel.
“You can’t build a one-sided surveillance system and expect no one to look back at the watchers. But that’s exactly what’s happening,” Darbinyan said. “Investigative reports on corruption, the security services, and probiv are exposing data on everyone — officials, agents, and military personnel — just like on ordinary citizens.”
Against this backdrop, Darbinyan argues, the authorities have concluded that there can be no partial protection when it comes to the right to privacy.
“Either you create a system where the law and institutions turn a blind eye to the problem,” he says, “or you enforce the law strictly across the board — punishing any attempt at probiv or abuse of power with equal severity.”
A source close to the Putin administration offered a similar rationale. He said the FSB is overseeing these investigations for two reasons: the leaks are no longer useful to those in power, and the flow of information has become too uncontrollable. “Too much is slipping through,” he said.
As an example, he pointed to media coverage of the death of former Transport Minister Roman Starovoit. Inconsistencies in the story led to speculation of foul play, despite official claims of suicide. According to the source, it was outlets like Baza — known for accessing Interior Ministry bulletins — that “unfriendly” and Western media cited in their reports.
“Why give people the impression that the state’s information systems are full of holes?” he said.
Who gets into the probiv business
Although prosecutions under Article 272 are already underway, the Interior Ministry’s monthly crime statistics don’t yet reflect its use, and Verstka was unable to find a single published verdict under the new article. However, the Telegram channel Information Leaks reported that there’s already been at least one conviction this year.
According to the channel, the defendant was a former janitor at a district hospital in Sverdlovsk region. She allegedly passed on a patient’s personal data — including diagnosis and medical history — to a third party. Another case was reportedly opened against a regional official in Karelia for illegally sharing personal and property data from the government’s Unified Real Estate Register.
Other probiv sellers are charged under related statutes, such as unlawful access to computer information (Article 272), privacy violations (Article 137), or breach of confidentiality of communications (Article 138). These cases often involve mobile phone store employees, who are frequent providers of mobile probiv.
In March, a Moscow court convicted phone store employee Danila Svistyuk for passing subscriber data to a probiv seller. In December, another phone store employee in Vladimir region, Igor Parkhimovich, was sentenced for giving third parties access to call records.
Some defendants provide data as a favor rather than for payment. In January 2024, senior Interior Ministry investigator Olga Lavrinenko, from the Omsk region, was convicted of using her login to access information on seven individuals at the request of a retired private detective, Nikolai Pingin. Pingin had previously worked with Lavrinenko and once headed an investigative unit. The court found that she hadn’t received money, but cited messages in which Pingin asked her to “look up one guy — urgent.” Pingin was also convicted.
A partial picture
According to Interior Ministry data, in the first five months of 2025 alone, police registered more than 308,000 crimes involving digital technologies or computer data — the highest figure in four years. Nearly 30,000 of those cases were filed under Article 272. For comparison, during the same period in 2022, that figure was 10 times lower. Verstka also found that 267 people were convicted under this article in 2024 — the highest number in three years.
Sign up for Meduza’s daily newsletter
A digest of Russia’s investigative reports and news analysis. If it matters, we summarize it.
Between 2022 and 2024, a total of 914 people were convicted under Articles 137 and 138 of the Criminal Code. Of those, 754 were sentenced for violating personal privacy, while 160 were convicted of violating the confidentiality of communications. Convictions under both articles peaked in 2022, and by 2024, the numbers had begun to decline. However, it remains unclear how many cases are registered under these articles each year or month before reaching the courts, as the Interior Ministry does not report those figures.
In over 94 percent of probiv-related cases, defendants receive non-custodial sentences such as fines, community service, or probation.
For example, the former janitor at the district hospital in the Sverdlovsk region was fined 10,000 rubles ($120). Senior Interior Ministry investigator Olga Lavrinenko from the Omsk region was fined 150,000 rubles ($1,800). An employe at an MTS phone store was sentenced to 200 hours of community service.
Prison sentences are handed down in only 2.5 percent of cases, usually when the leaks involve information about minors. Acquittals are extremely rare — just 0.3 percent of cases.
Still, both court and police statistics only paint a partial picture of data disclosure crimes. That’s because the same articles are also used to prosecute cyber and phone scammers, not just sellers of probiv.
We usually do the talking at fundraisers. This time, we’ll let our readers speak for us. “I’m just a regular guy who recently graduated from college and used to send Meduza a hundred rubles every month. Putin stole my country from me, took away my ability to speak out, and even my freedom to spend my own hundred rubles. Please help Meduza! Freedom for Russia!” — Anonymous