leaksear.ch has indexed a Business Gazeta dataset containing 155,663 records, with email addresses, usernames, hashed passwords, names, phone numbers, dates of birth, and IP addresses (leaksear.ch metadata). The metadata lists December 17, 2020 as the breach date (leaksear.ch metadata), and the affected name matches business-gazeta.ru, the site used by the Kazan-based БИЗНЕС Online media outlet (business-gazeta.ru).
What happened
Business-gazeta.ru is the publishing site for БИЗНЕС Online, which its own about page describes as a business media outlet in Tatarstan launched in 2007. Медиалогия ranked Business-gazeta.ru second among Tatarstan media resources for 2025 (business-gazeta.ru, mlg.ru).
The leak-source metadata dates the breach to December 17, 2020 and the leaksear.ch indexing date to May 31, 2026. The metadata does not identify an intrusion method, attacker, third-party service, or public disclosure by the organization, so the exposure vector should be treated as unconfirmed rather than attributed to ransomware, scraping, misconfigured storage, or a vendor compromise (leaksear.ch metadata).
What data was exposed
Based on the leaksear.ch indexing metadata, the searchable fields in this dataset are dates of birth, email addresses, hashed passwords, IP addresses, names, phone numbers, and usernames (leaksear.ch metadata).
Other fields listed in the records, but not directly searchable on the platform, include profile or biography text, account creation and last-login dates, a second password-hash field, API-token and random-key fields, sex, source, state, user ID, profile image, and work information. The supplied metadata does not list payment card numbers or national identity document numbers (leaksear.ch metadata).
Why this matters
Names, dates of birth, email addresses, phone numbers, and usernames can be used to build convincing phishing and account-recovery scams. Hashed passwords are not plaintext, but they still represent credential material, especially if users reused passwords or if weak hashes are later cracked. IP addresses and login-context fields can also help attackers make social-engineering attempts look more specific. Readers who used Business Gazeta or БИЗНЕС Online should check whether their email, username, phone number, name, date of birth, IP address, or hashed password appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include date of birth, email, hashed password, ip address, name, phone, and username.