brightpark.ru
Dec 7, 2025
In December 2025, Brightpark (brightpark.ru), an official LADA car dealership in Russia operated by AvtoVAZ, suffered a data breach attributed to the '4B1D' hacking group. The breach exposed approximately 999,491 customer and user records including ~7,833 unique email addresses, names, dates of birth, genders, job titles, phone numbers, physical addresses, usernames, hashed passwords, and website activity data. The data was extracted from a Bitrix CMS database and included CRM contact and lead records.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
Brightpark__Info.txt23 columns0 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| b_user.2 | username | high | LOGIN column; values are email-style usernames like '[email protected]', '[email protected]' |
| b_user.3 | password | high | PASSWORD column; values are hashed passwords ($6$ sha512crypt and custom hash strings) |
| b_crm_contact.16 | address1 | high | ADDRESS column; physical address field in CRM contact record |
| b_user.18 | phone | high | PERSONAL_PHONE column; values like '89504563499', '+7 909 10 666 25' |
| b_crm_contact.10 | fullName | high | FULL_NAME column; values like 'Игорь Филимонов', 'Марина Семенова', 'Чуранова Елена Борисовна' |
| b_user.24 | city | high | PERSONAL_CITY column; values like 'Пермь', 'пермь' |
| b_crm_contact.11 | firstName | high | NAME column; values are first names: 'Сергей', 'Марат', 'Игорь', 'Марина' |
| b_user.14 | username | medium | PERSONAL_ICQ column; ICQ numbers are social identifiers (e.g. '355870370'); maps to username per ICQ rule |
| b_user.25 | state | high | PERSONAL_STATE column; values like 'Пермский край', 'Пермь' |
| b_crm_contact.12 | lastName | high | LAST_NAME column; values are last names: 'Филимонов', 'Семенова', 'Долгирев' |
| b_crm_contact.23 | dob | high | BIRTHDATE column; date of birth field in CRM contact record |
| b_user.15 | gender | high | PERSONAL_GENDER column; values are 'M' and 'F' |
| b_user.26 | zip | high | PERSONAL_ZIP column; postal code field |
| b_user.48 | dob | high | PERSONAL_BIRTHDAY column; values like '1990-07-31', '1987-08-05', '1984-12-06', '1988-04-18' |
| b_crm_contact.13 | middleName | high | SECOND_NAME column; values like 'Георгиевич', 'Александровна', 'Сергеевич' (Russian patronymics) |
| b_user.27 | country | high | PERSONAL_COUNTRY column; country field |
| b_user.20 | phone | high | PERSONAL_MOBILE column; values like '+7 (963) 861-10-03', '+79655542333', '89226497920' |
| b_user.22 | address1 | high | PERSONAL_STREET column; values like 'Ул. Спешилова 107', 'Краснодонская, 12' |
| b_user.33 | phone | medium | WORK_PHONE column; values like '+79223713009', '89223810849' — personal work phone numbers |
| b_user.8 | high | EMAIL column; values contain email addresses: '[email protected]', '[email protected]' | |
| b_user.6 | firstName | high | NAME column; values are first names: 'Олег', 'Ольга', 'Ирина', 'Алексей' |
| b_user.51 | middleName | high | SECOND_NAME column (Russian patronymic/middle name); values like 'Витальевна', 'Васильевич', 'Ивановна', 'Анатольевич' |
| b_user.7 | lastName | high | LAST_NAME column; values are last names: 'Долженков', 'Климова', 'Лебедев' |
Notes: SQL dump contains two tables: b_user (CMS user accounts, ~63 columns) and b_crm_contact (CRM contacts, ~36 columns). b_user column indices prefixed 'b_user.', b_crm_contact indices prefixed 'b_crm_contact.'. PERSONAL_BIRTHDATE (b_user col 16) is all NULL in samples; PERSONAL_BIRTHDAY (col 48) contains actual DOB values and is mapped. WORK_PHONE (col 33) mapped as phone — personal work numbers. WORK_COMPANY/WORK_DEPARTMENT/WORK_POSITION skipped per business-field exclusion rule. TITLE (col 58) skipped — values are empty/honorific prefix field. HONORIFIC (b_crm_contact col 25) skipped — honorific prefix (Mr/Mrs equivalent). SEARCH_CONTENT (b_crm_contact col 31) contains embedded phone numbers in a blob search index field — not mapped as structured PII column. Passwords appear to be a mix of sha512crypt ($6$) and older custom hash formats.
Brightpark__data__b_crm_contact__b_crm_contact.csv7 columns41,793 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 10 | fullName | high | [10] header 'FULL_NAME', values are complete names in Russian (Сергей, Игорь Филимонов) |
| 11 | firstName | high | [11] header 'NAME', values are given names (Сергей, Марат, Игорь, Егор) |
| 12 | lastName | high | [12] header 'LAST_NAME', values are surnames (Филимонов, Семенова) |
| 13 | middleName | high | [13] header 'SECOND_NAME', values are patronymics (Георгиевич, Александровна) |
| 16 | address1 | medium | [16] header 'ADDRESS', likely contains street addresses but no sample values shown |
| 23 | dob | medium | [23] header 'BIRTHDATE', expected to contain date of birth values but samples not visible |
| 25 | skip | high | [25] header 'HONORIFIC', this is an honorific prefix (Mr/Mrs/Ms/Dr), NOT a suffix — no PII field exists |
Notes: 36 columns total. This is a Bitrix CMS contact/lead database from the Brightpark LADA dealership breach. Column 10-13 contain name components in Russian; column 23 (BIRTHDATE) is present but no sample values visible. Columns 0,1,2,3,4,5,18,21,22,28,29,34,35 are internal IDs and timestamps (skip). Columns 6,7,8,9,14,15,19,20,24,26,27,30,32,33 are flags, status codes, or derived fields (skip). Phone and email data likely in separate tables; HAS_PHONE=Y and HAS_EMAIL=N suggest contact details are not in this export.
Brightpark__data__b_user__b_user.csv11 columns198,294 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 2 | username | high | [2] header 'LOGIN', values are email-like usernames used for system authentication ([email protected], [email protected]) |
| 3 | password | high | [3] header 'PASSWORD', values are hashed passwords (bcrypt/SHA-512 format) |
| 6 | firstName | high | [6] header 'NAME', values are given names in Russian (Олег, Ольга, Ирина) |
| 7 | lastName | high | [7] header 'LAST_NAME', values are family names in Russian (Долженков, Долженкова, Климова, Лебедев) |
| 8 | high | [8] header 'EMAIL', values are email addresses with @ symbol | |
| 15 | gender | high | [15] header 'PERSONAL_GENDER', values are M/F gender codes |
| 20 | phone | high | [20] header 'PERSONAL_MOBILE', values are mobile phone numbers in E.164/Russian format (+7 prefix, 10-digit) |
| 24 | city | high | [24] header 'PERSONAL_CITY', values are city names (Пермь) |
| 27 | country | medium | [27] header 'PERSONAL_COUNTRY', values are country codes (0 likely represents Russia/default) |
| 48 | dob | high | [48] header 'PERSONAL_BIRTHDAY', values are dates of birth in YYYY-MM-DD format (1990-07-31, 1987-08-05) |
| 51 | middleName | high | [51] header 'SECOND_NAME', values are Russian patronymic middle names (Витальевна, Ивановна, Васильевич, Анатольевич) |
Notes: 63 columns total, 11 contain PII. Brightpark CMS/Bitrix database export. Columns [29] (WORK_COMPANY) intentionally skipped per EXCLUSION RULES (company field). Columns [0] (ID), [1] (TIMESTAMP_X), [5] (ACTIVE), [9] (LAST_LOGIN), [10] (DATE_REGISTER), [11] (LID), [13] (WWW), [17] (PHOTO), [30] (DEPARTMENT), [31] (POSITION), [33] (WORK_PHONE), [45] (ADMIN_NOTES), [46-47] (HASH/XML_ID), [50] (CHECKWORD_TIME), [52] (CONFIRM_CODE), [53] (LOGIN_ATTEMPTS), [54-57] (ACTIVITY/TIMEZONE), [58-62] (FLAGS/EXPIRY) are non-PII metadata and skipped. Empty columns [12], [14], [16], [18-19], [21-23], [25-26], [28], [32], [34-44], [49], [55] skipped (no data or non-PII).