Russian MAX Messenger Hack Exposes Flaws in Kremlin’s Digital Control

Less than two months after its launch, the Russian state-owned messenger MAX suffered a massive hack, resulting in the data of almost all users being leaked online.

The Gaze reports on it, referring to the Center for Countering Disinformation on Telegram.

According to the Center, more than 46 million user records were made publicly available — essentially the entire messenger database. 

MAX was developed by an organization that planned to use it to provide digital passports and access to government services.

Propaganda positioned the messenger as a “reliable and secure” tool for combating fraud and protecting personal data, actively promoting it in government agencies and schools. 

“This situation showed that in reality, the Russian authorities do not care about security; the main thing is total digital control. MAX was supposed to become a symbol of Russia's ‘digital sovereignty,’ but instead became the embodiment of its helplessness,” the statement said.

Such breaches underscore broader cybersecurity challenges and set the stage for Ukraine’s own operations targeting Russian digital infrastructure.

For example, the Main Intelligence Directorate (HUR) carried out a large-scale attack on the servers of the occupying authorities in Crimea, obtaining more than 100 terabytes of data, including correspondence from the “head of Crimea” Sergey Aksyonov and documents on the forcible removal of Ukrainian children to the territory of the Russian Federation.

Earlier, Ukrainian hackers paralyzed online voting during illegal “elections” in the temporarily occupied territories by attacking the servers of the Central Election Commission of the Russian Federation and the remote electronic voting system.

Another operation targeted Russia's economic and energy infrastructure: DDOS attacks blocked fuel payment systems, attacked telecommunications operator K-Corp and online services, resulting in significant economic losses for the aggressor and disrupting the operations of companies associated with the Russian defense industry.

As The Gaze informed earlier, Ukrainian cyber police have played a vital role in an international operation codenamed Checkmate, which successfully took down the notorious cybercriminal group BlackSuit, known for deploying ransomware attacks across the globe.