Hackers and the kremlin Competing for russians’ Data
4/27/2026

In russia, the number of critical vulnerabilities in financial mobile apps is rising rapidly, posing serious risks to the security of russians’ personal data. In just two years, the number of critical and high-risk “holes” in such services has increased more than 11-fold – from 183 in 2023 to over 2,000 in 2025.
The analysis covered the 90 most popular apps in russia’s banking sector, microfinance organizations, and insurance companies. Although the total number of vulnerabilities in 2025 decreased slightly compared to 2023 (3,555 versus 4,500), experts emphasize that critical issues are growing the fastest. At the same time, 2024 saw a sharp spike in the total number of vulnerabilities – up to 1,500 in a single year, more than double the figures from the previous period.
If they wish, hackers can gain access to sensitive information, including user credentials and banking details. These vulnerabilities also open the door to interception, data tampering, and phishing attacks.
The reasons for this situation include both the use of unverified third-party libraries and insufficient code review prior to product release. Even large financial institutions with their own cybersecurity teams cannot guarantee an adequate level of protection for their digital services.
While hackers are an external threat, the government is an internal one. Alongside the collapse of digital security, the russian state is tightening its control over citizens’ personal data. Mobile operators will be required to provide the government with data sets detailing subscribers’ movements over the past three years. The data obtained is planned to be coordinated, in particular, with the fsb, and in some cases, with the bank of russia.
Despite the stated “data depersonalization”, there is no doubt that russians will face even greater pressure on their privacy from the authorities, while the scale of potential interference in personal lives will only grow.
