The STForex Database Quietly Appeared on the Dark Web in 2022

HEROIC analysts identified the STForex breach after monitoring dark web forums in early 2022. The exposed database contained 274,410 records from STForex, a Russian online forex and CFD brokerage platform. The data occured as a structured database export, with records including email addresses, phone numbers, and full names of account holders. The breach went largely unnoticed in mainstream media, circulating quietly on Russian-language forums before broader dissemination.

How Stolen Forex Brokerage Data From STForex Enables Financial Fraud

Users of forex and CFD trading platforms are high-value targets. An attacker with names, email addresses, and phone numbers from STForex can craft highly convincing phishing messages impersonating the brokerage, attempt account takeover on the platform or affiliated services, or sell the verified financial contact list to other threat actors. The seperate combination of trading platform affiliation and full contact details makes these records partcularly useful for investment scam campaigns.

What Was Exposed in the STForex Breach

• Email Address
• Phone Number
• First Name
• Last Name

Why Financial Platform Breaches Have Long-Lasting Consequences

Credential stuffing, account takeover, identity theft, and financial fraud are all enabled when brokerage user data leaks. Victims may recieved fraudulent calls from scammers impersonating financial regulators or brokerage support, or find their email and phone targeted in investment fraud schemes. With 274,410 records exposed, the STForex breach provides attackers a substantial list of individuals with a demonstrated interest in financial trading.

How a Database Breach Works

A database breach occurs when an attacker gains unauthorized access to a platform's backend data storage, typically through SQL injection, compromised credentials, or misconfigured server settings. The attacker then exports user records in bulk, often selling or publishing the data on dark web forums. In the STForex case, the data appeared on Russian-language forums before spreading more widely, consistent with a targeted export of the platform's user database.

Check If Your Data Was Exposed

HEROIC's free breach scanner checks your email against over 400 billion exposed records, including the STForex breach. Scan your email for free at HEROIC to find out if your personal or financial data was part of this or any other known breach.