DLBI: Data Leakage & Breach Intelligence

The main articles are:

• Data mining Data mining
• Data breaches
• Data breaches in Russia

History

2025: DLBI monitoring service wins court over Roskomnadzor monitoring service

In the tenth of December, the Arbitration Court of the city Moscow published a justification^[1] of its decision, which it made at the end of November on a lawsuit Roskomnadzor against the DLBI monitoring service. In the course of many months of proceedings, the arbitration court did not see a violation of the law on personal data by the DLBI service.

𝓲

Фото: Freepik

Roskomnadzor filed a lawsuit against DLBI on June 4, 2025, after the launch of the automated system for monitoring personal data of Roskomnadzor (AS MPDn). The latter, according to Milos Wagner^[2]the deputy head of Roskomnadzor, started working in 2024 and, according to data for the summer of 2025, analyzed up to 50 thousand sites in the.RU zone. The share of violators of the requirements of the legislation based on the results of these inspections was 77%.

Prior to that, Roskomnadzor specialists monitored sites for violation of the rules for processing personal data manually, and sometimes even referred in their documents to publications in the Telegram channel "Information Leaks^[3]is conducted by DLBI specialists.

In the statement of claim, Roskomnadzor pointed to an administrative protocol for violation of DLBI requirements of Article 13.11 of the Administrative Code of the Russian Federation Part 1, that is, for the processing of personal data in cases not provided for by law, or incompatible with the purposes of their collection.

The protocol on an administrative offense states that in order to exercise the powers to protect the rights of personal data subjects, Roskomnadzor monitored the Internet, a site at https//dlbi.ru, which revealed the fact of the functioning of an automated service for monitoring personal data leaks contained in databases illegally distributed in unlimited access. The specified site has implemented functionality to collect and provide, at the request of users of the Site, personal data contained in databases illegally distributed on the Internet, including in the DarkNet information segment of the Internet. At the same time, there is no information on the legal grounds for processing personal data on the Website, the statement of claim says.

The court recognized the competence of Roskomnadzor to monitor sites and draw up a protocol, but indicated that the information posted on the DLBI website only indicates monitoring data located on sites Internet as a whole, and the plaintiff did not provide evidence that they relate to "personal data," which is protected in accordance with law No. 152 "On personal data." At the same time, Roskomnadzor actually represents the defendant as a certain intermediary between visitors to the website and databases illegally distributed on the Internet, although the site itself dlbi.ru only contains the processing of personal data of visitors to the site itself, as well as analytical articles on personal data leaks, popular passwords and other generalized information.

The court pointed out that the plaintiff unreasonably combines the circumstances of the processing of personal data against visitors to the defendant's website and users of the service mentioned above. So, in the first case, the defendant is a personal data operator, and in the second case - no, since the service processes not personal data, but all data in which to search for signs of the presence of personal user data in them.

Moreover, even these signs of the presence of personal data are not established directly by the DLBI service (the database does not store phone numbers or email addresses of customers), but only in the form of hashes of a phone number or email address that do not allow restoring the original data.

In addition, the search service itself is provided not directly (from the dlbi.ru website), but through partners. In particular, the court ruling indicates the "Defender" system that MTS offers its customers. As Ashot Hovhannisyan, founder of the DLBI service, explained to TAdviser, the service does not have many customers - the company does not disclose their list. However, he pointed out that there is a similar international service - Have I Been Pwned (HIPB)^[4], which may not comply with the requirements of Roskomnadzor at all.

In fact, the presence of a service that warns about personal data leaks is a generally recognized world practice. At the same time, AS MPDn is engaged not in searching for leaked personal data on the Internet, but in identifying violations by sites in the design of personal data processing processes according to the requirements of Law No. 152-FZ.

2023: Provision of data for the FinZashchita service

On August 28, 2023, the MTS ecosystem launched the FinZashchita service for individuals, which allows you to track the actions of credit fraudsters and helps to monitor the safety of user data. On the service website, customers will be able to check for free whether their phone number and other data have entered the fraudsters' databases. Information about data leaks for this service is provided by the project partner, the DLBI (Data Leakage & Breach Intelligence) service, a Russian service for intelligence of vulnerabilities and data leaks, as well as monitoring fraudulent resources on the darknet. Read more here.

2022: Opening the API to the Data Leakage & Break Intelligence monitoring system

Russian service intelligence data breaches Darknet DLBI and monitoring opened to the API monitoring system. DLBI Data Leakage & Breach Intelligence announced this on November 17, 2022. Now the company's customers can to integrate monitor the darknet with their own funds information security and automatically receive and process notifications about the appearance of their data leaks.

The real-world time broadest monitoring and darknet network Internet allows DLBI to detect leaks before they become available to members of the professional community, and even more so before information they enter the public field.

One of the features of Data Leakage & Break Intelligence is the automatic identification of compromised accounts, including logins and passwords, which allows you to prohibit their use faster than hackers can use this data in attacks based on password reuse.

To identify leaked passwords, one of the large account databases with a volume of more than 7.6 billion login-password pairs is used, of which almost 1 billion was added in 2022. Constant replenishment of the base is carried out using monitoring of darknet sites, Telegram channels and closed forums.

Password reuse attacks are becoming a real headache for information security services. Logins and passwords that comply with formal rules get leaked, and then collected by hackers and used to attack corporate and government resources. In particular, a similar scheme was used by Ukrainian "Hacktevists" in several recent attacks on the websites of Russian departments, noted DLBI founder, Ashot Hovhannisyan.

Notes