
Experts are wondering why the database, which was supposedly leaked from Diia, still contains addresses on the mail.ru and rambler.ru domains.

Experts are divided on whether the recently leaked database of Ukrainian citizens is a leak from the Diia service.

«This is definitely a data leak, but whether it is from „Diia“ or a compilation of other data leaks, it is difficult to say for sure. I am inclined to think that this is a compilation from different sources,» said Serhiy Kharyuk, founder of the cybersecurity company AmonSul, quoted by DOU.

According to him, the information in this database may be real, but outdated. He also suggests that attributing the leak to «Diia» increases the value of the files on the black market and creates public resonance.

«It is much more difficult to sell just a compilation than to sell a data leak from „Diia“. Or it could be an element of the enemy’s information and psychological operations to destabilize the situation in Ukraine,» added Kharyuk.

At the same time, CyberLab Executive Director Serhiy Denysenko believes that the claims about the leak from «Diia» are incorrect, since the service is not an information repository.

According to him, the data source could have been any other registers, for example, those of the Ministry of Social Policy or the Ministry of Internal Affairs, or databases that have been collected over the years from commercial sources — such as store loyalty programs.

Denysenko emphasizes that verifying the reliability of the database is possible only through in-depth analysis — both of the file itself and of the real data of citizens.

«To do this, you need to take the records and look at the lines that relate to specific people, and physically check them. Preliminary analysis shows that the records are not very relevant, and some appear to be artificially updated,» says the executive director of CyberLab.

In turn, the representative of the Cyberwar Research Institute, George Paparyga, drew attention to the fact that the published file contains addresses on the mail.ru and rambler.ru domains. The accounts in the database were supposedly registered in 2023–2024, which is impossible, since the «Diia» interface blocks the use of such domains.

«When trying to register, a message appears: 'An email address with this domain cannot be used to receive government services,'» says Paparyga.

According to him, the high-profile archive appeared online in the summer, but active discussion began only later, which looks more like an information dump than a new large-scale leak.

«The file was available back in the summer, and attention has only come now. This looks like an information attack aimed at spreading panic,» he noted.

CyberUnit.Tech CEO Yegor Aushev confirms the thesis that it is impossible to assess the true level of cybersecurity at Diia, since he has not seen reports from the Ministry of Digital Economy on the detection and closure of vulnerabilities. He also claims that the agency did not involve his company or other market players in system audits.

According to him, when «Diia» was created, the emphasis was on the rapid launch of services rather than on the principle of secure by design. He believes that similar incidents will be repeated in the future if a culture of cyber protection does not become a priority.

«Best global practices say that almost 20% of the budget should go to cybersecurity,» says Aushev.

Recently, a message from hacker Andriy Baranovich, better known by the nickname Sean Townsend, appeared on Facebook about a data leak from «Diia». This post is currently unavailable.

Later, People’s Deputy Oleksandr Fedienko reported that an archive containing citizens' data called diia_users_db_2025.zip had appeared on the network.

In turn, Diia reported that it had conducted an internal investigation after information about a possible «leak» and stated that the distributed files were falsified and did not originate from Diia’s systems, nor were they the result of a hack or leak.
