Tutu.ru Туту.ру New Tourism Technologies NTT

Travel Agency for Online Booking tutu.ru (LLC "New Tourist Technologies") is a Russian travel service operating in Runet.

The main services of the Туту.ру: selling tickets for airplanes, long-distance trains and intercity buses, issuing tourist vouchers, booking hotels, as well as informing about the schedule of suburban trains.

History

2023: Fine of 60 thousand rubles for leakage of user data

In early March 2023, the Tagansky district of Moscow fined the Туту.ру service 60 thousand rubles for leaking user data. The company was found guilty of an administrative offense, which is provided for in Part 1 of Article 13.11 of the Administrative Code (violation of the legislation of the Russian Federation in the field of personal data).

We confirm that we have been assigned a minimum fine of 60 thousand rubles, we do not plan to challenge it, "the Туту.ру press service told TASS.

Service "TuTu" fined for leakage of user data

The fine was issued for a data breach that occurred in July 2022. Then part of the user data "Туту.ру" got on the Internet. The file contained information about bus ticket buyers - these are first and last names, phone numbers and email addresses. The service specified that the database included less than 1% of the data from the total number of orders.

The press service of "Туту.ру" in early March 2023 stressed that the company conducted an investigation and promptly eliminated the causes of the data leak. The "Туту.ру" also assured that the service is continuously working to improve security mechanisms in order to comply with global data security standards.

Andrey Timoshenko, head of information security practice at AksTim LLC (formerly Accenture), says that quite sensitive data has leaked from Туту.ру.

If we proceed from the fact that contacts (last name, first name, phone number, email), dates of birth and passport data have leaked, then this is sensitive information that allows you to accurately identify their owner. It will undoubtedly be used in itself for fraudulent purposes, as well as for various types of attacks aimed at obtaining material benefits by attackers. In addition, passwords are probably at the disposal of cybercriminals, and this is also important, since people often use the same password for different services, he said.[1]

2022: Data of millions of users of the service "Туту.ру" got into the public domain

In early July 2022, it became known that the data of millions of users of the Туту.ру service were made publicly available. The company confirmed the leak and assured that it did not affect customers' payment data.

According to the Telegram channel "Information Leaks," part of the ticket purchase service database (air, railway, bus, etc.) has been published on the Internet tutu.ru. The file contains data from bus ticket buyers - more than 2.6 million lines in total, including:

• names and surnames;
• telephones (2.29 million unique numbers);
• email addresses (over 2 million unique addresses).

Data of millions of users of the service "Туту.ру" got into the public domain

The hacker claims that in addition to this list, he also managed to get dumps of tables of registered users (7 million lines with hashed passwords) and ticket orders (32 million lines with passport data). However, he did not provide any confirmation of the presence of these data, the Telegram channel notes.

According to the press service of "Туту.ру," the hackers had access to a table containing the technical data of the "buses" section of the service. By early July 2022, the company is conducting an internal investigation and is working on several versions of what happened.

The file in question does not contain payment data, arrival-departure points, order dates. But there is a surname and first name (not all passengers), a phone and mail to send a check. By the beginning of July 2023, the reliability of the data is being checked, according to Туту.ру.

Today's attack is far from the first, in recent months, information security specialists "Туту.ру" have recorded dozens of unsuccessful attempts to disrupt the stability of the service. Starting February 24, 2022, Туту.ру, like many large Russian Internet services, was chosen as the object of constant directed and distributed attacks, the company added.[2]

2021: An open letter from Russian online services against Yandex's anti-competitive behavior

On March 18, 2021 TAdviser , information came to the disposal that the Russian Internet the companies signed an open letter in which they expressed concern about the abuse of the dominant position in the search market by "" and Yandex supported the decision that FAS obliged the IT giant to eliminate privileges to promote its own services in this market. More. here

Notes