leaksear.ch has indexed 7,445 records tied to CDEK from a breach dated March 9, 2022, with email addresses and names available as search pivots (leaksear.ch metadata). Public breach listings identify CDEK as a Russian courier service and describe the broader March 2022 incident as an unverified leak of customer names, email addresses, and phone numbers (haveibeenpwned.com, www.twingate.com).
What happened
Have I Been Pwned lists CDEK as an unverified breach and says that in early 2022 a collective known as IT Army published more than 30GB of data allegedly sourced from CDEK, containing over 19 million unique email addresses with names and phone numbers (haveibeenpwned.com). Twingate's later summary likewise describes the incident as March 2022, attributed to IT Army, and notes that authenticity could not be independently verified (www.twingate.com).
Public reporting on the same period provides context for the attribution: BleepingComputer reported on February 26, 2022 that Ukraine was recruiting a volunteer IT Army to conduct cyberattacks on Russian entities (www.bleepingcomputer.com). The public sources reviewed describe publication of the data, but do not confirm the initial access vector.
What data was exposed
The leaksear.ch index exposes email and name as searchable fields (leaksear.ch metadata). The records also include stored context fields listed as customer_id, id, name_upper, pickup_point, and uuid; these are not listed as direct search pivots in the metadata (leaksear.ch metadata).
The source metadata and public breach listings identify phone numbers as part of the CDEK exposure, but the leaksear.ch searchable pivots for this index are email and name (leaksear.ch metadata, haveibeenpwned.com, www.twingate.com).
Why this matters
Names paired with email addresses and, in the broader leak reporting, phone numbers can support credible parcel-themed phishing, impersonation of courier support, and account-recovery attempts against other services. Customer identifiers and pickup-point references may also help social-engineering messages look more specific. The leaksear.ch metadata does not list passwords or payment-card fields for this indexed dataset, but the contact data alone is still useful for targeted scams (leaksear.ch metadata). People who used CDEK or received deliveries through the service should check whether their email address or name appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email and name.