Onesec

🔄 The “Leaks” module, part of the ONETI analytical system, is designed to detect instances of data compromise across external sources.
The module collects and analyzes information from the dark web, closed forums, and specialized platforms where database fragments, leaked credentials, and data dumps are published. It records the initial appearance of exposed data, the source of publication, and the format of the leak.
At this stage, the module enables organizations to:
➖ detect data leaks at an early stage
➖ assess the potential scope of compromise
➖ obtain contextual intelligence for informed managerial and technical decision-making
The “Leaks” module serves as a source of external threat signals and complements internal protection and monitoring mechanisms.
____

🔄"Sizib chiqishlar" moduli ONETI tahliliy tizimining bir qismidir - u tashqi manbalarda ma’lumotlarning sizib chiqishi holatlarini aniqlash uchun mo‘ljallangan.

Modul darknet, yopiq forumlar va ma’lumotlar bazasi fragmentlari, tarqalib ketgan parollar va damp-fayllar e’lon qilinadigan maxsus platformalardagi ma’lumotlarni to‘playdi va tahlil qiladi.
Ma’lumotlarning dastlabki paydo bo‘lishi, nashr manbasi va sizib chiqish shaklini qayd etadi.

Ushbu bosqichda quyidagi imkoniyatlar mavjud:

➖sizib chiqishni erta bosqichda aniqlash
➖xavfga uchrashning ehtimoliy ko‘lamini baholash
➖boshqaruv va texnik qarorlarni qabul qilish uchun kontekst olish

"Sizib chiqishlar" moduli tashqi signallar manbai sifatida ishlatiladi va ichki himoya hamda nazorat vositalarini to‘ldiradi.

A data leak rarely looks like a data leak — and often goes unnoticed…

💬 Learn how leaked data ends up on the dark web and why leak monitoring is critical for business resilience in this post

____

Ma’lumotlar sizib chiqishi kamdan-kam hollarda sizib chiqishga o‘xshab ko‘rinadi va ko‘pincha oxirgi daqiqagacha sezilmay qoladi...

💬U qanday shakllarda namoyon bo‘lishi, qayerda paydo bo‘lishi va nima uchun sizib chiqishni nazorat qilish biznes barqarorligi uchun muhimligini ushbu postda o‘qing💳

⚠️ Potential Personal Data Breach

Reports are circulating on social media and the Reddit platform about an alleged database containing personal data of citizens of Uzbekistan. At this time, there is no official confirmation of a data breach, and an investigation is ongoing.

The database may include:
Full name, date of birth, region of residence, address, contact details, passport information, and data related to government services.

❓ What is recommended to do now:
🟡 Change passwords for e-government portals, banking services, and other critical online accounts
🟡 Enable two-factor authentication wherever possible
🟡 Be especially cautious of calls or messages claiming to be from banks or government authorities

Authorized bodies are currently verifying the authenticity of the information, its source, and the potential scope of the data involved.

____

⚠️ Shaxsiy ma’lumotlarning sizib chiqqani ehtimoli

Ijtimoiy tarmoqlar va Reddit platformasida O‘zbekiston fuqarolarining shaxsiy ma’lumotlari bazasi joylashtirilgani haqida xabarlar tarqalmoqda. Hozircha bu ma’lumotlar sizib chiqqani rasman tasdiqlanmagan, tekshiruv olib borilmoqda.

Bazada quyidagilar bo‘lishi mumkin:
F.I.Sh., tug‘ilgan sana, yashash hududi, manzil, aloqa ma’lumotlari, pasport ma’lumotlari, davlat xizmatlariga oid ma’lumotlar.

❓Hozirda nima qilish tavsiya etiladi:
🟡
e-gov, bank va boshqa muhim onlayn xizmatlardagi parollarni o'zgartirish
🟡
imkon bo‘lgan joylarda ikki bosqichli autentifikatsiyani yoqish
🟡
banklar yoki davlat organlari "nomidan" qilingan qo‘ng‘iroqlar va xabarlarga nisbatan e’tiborli bo‘lish

Vakolatli organlar axborotning haqiqiyligini, uning kelib chiqish manbasini va ma’lumotlarning ehtimoliy hajmini tekshirmoqda.

🔗Batafsil: : https://www.gazeta.uz/ru/2026/02/03/darknet/

🔐 Why alerts matter more than blocking at the initial stage

🚰 When a company becomes aware of a potential data leak, the first instinct is often to block everything immediately — and that reaction is completely natural.

At this stage, however, it is far more important to pause and understand what is actually happening.

1️⃣ The initial alert is not meant to trigger panic. It exists to clarify what data may have been exposed, which systems or access points are involved, and whether the leak is still ongoing.

⏱️ Blocking everything too early can result in losing critical context, making it difficult to see the full picture and leading to decisions made blindly.

That is why, in practice, organizations first capture the signal and assess the situation, and only then determine the appropriate response.

⌛️ This approach keeps the leak as a manageable risk, rather than allowing it to escalate into a chain of chaotic actions.

______

🔐Nima uchun birinchi bosqichda ogohlantirish bloklashdan muhimroq?

🚰 Kompaniya ehtimoliy ma’lumot sizib chiqishi haqida xabar topganda, eng aniq yechim sifatida darhol hamma narsani to‘xtatishga intiladi, va bu tabiiy holat.

Bu paytda to‘xtash va nima sodir bo‘layotganini tushunish muhimroqdir

1️⃣Birinchi signal vahimaga tushish uchun emas, balki nima sizib chiqqanini, qaysi tizimlar yoki kirish yo‘llari ishlatilganini va vaziyat davom etayotgan-etmayotganini tushunish uchun kerak.

⏱ Agar barchasini juda erta to‘xtatib qo‘ysangiz, kontekstni yo‘qotish va haqiqiy manzarani ko‘ra olmasdan ko'r-ko'rona qaror qabul qilib qoyishingiz mumkin.

Shuning uchun amaliyotda dastlab signal qayd etiladi va vaziyat baholanadi, shundan keyingina aniq choralar ko'riladi.

⌛Shunday qilib, sizib chiqish tartibsiz harakatlar zanjiriga aylanmasdan, boshqariladigan xavf bo‘lib qoladi.

⌛️What can a company do if it learns about a leak in time?

💧Data leaks rarely lead to a crisis immediately. There is usually a time lag between the moment when data leaves the company and the actual consequences.

If a company learns about a leak at this stage, it can:

🔵Quickly shut down compromised access
🔵prevent the attack from developing
🔵maintain control over the situation and reputation

At this level, it is important to consider not only the state of internal systems, but also what is already happening with data outside the infrastructure.

✔️Early detection turns a leak into a manageable risk, while late detection turns it into a crisis.

_______

⌛Kompaniya ma’lumotlar sizib chiqishi haqida o‘z vaqtida xabar topsa, nima qila oladi?

💧Ma’lumotlarning sizib chiqishi kamdan-kam hollarda darhol inqirozga olib keladi. Odatda, ma’lumotlar kompaniyadan tashqariga chiqqan payt bilan uning oqibatlari o‘rtasida ma’lum vaqt o‘tadi.

Agar kompaniya bu bosqichda sizib chiqishni aniqlasa, u quyidagilarni amalga oshirishi mumkin:

🔵 xavf ostidagi kirish ruxsatlarini zudlik bilan yopish
🔵 hujumning rivojlanishiga to‘sqinlik qilish
🔵 vaziyat va kompaniya obro‘si ustidan nazoratni saqlab qolish

Bu bosqichda nafaqat ichki tizimlarning holatini, balki infratuzilmadan tashqarida ma’lumotlar bilan nima sodir bo‘layotganini ham hisobga olish muhimdir.

✔️Erta aniqlash sizib chiqishni boshqariladigan xavfga aylantiradi, kech aniqlash esa - inqirozga olib keladi.

🔍Why SOC does not see data leaks outside the company
If there is no incident in SOC, it does not mean that there are no risks.

🚰Data leaks are not always related to hacking into corporate infrastructure; often, information leaves the company without any attacks on IT systems, and such scenarios remain outside the SOC's field of vision.

👽The SOC monitors what is happening inside corporate systems:

who is connecting, what actions are being performed, and whether there is any suspicious activity.

If there have been no intrusions, everything is formally considered to be in order, but in practice, data may end up outside the SOC's purview:

➖through external services and platforms

➖through contractors

➖when using corporate access outside the infrastructure

In these cases:

🟡actions are not captured by monitoring systems

🟡automatic alerts do not trigger

🟡there is no formal incident

⚠️ It is important to understand:

threats are not only formed within corporate systems — some of them arise outside of them, even before the SOC can detect them

🔮Cybersecurity predictions for 2026

2026 will bring increased pressure on businesses. Cyber threats will extend beyond IT functions and directly impact companies' finances, reputation, and sustainability.

What is important to consider now:

✔️ Digitalization in Uzbekistan is developing faster than protection systems
✔️ Attacks are becoming more sophisticated due to the use of AI
✔️ Regulatory requirements for information security are tightening
✔️ A formal approach to security no longer works

In 2026, companies that invest in strategy, processes, and people in advance will remain sustainable.

🖥In the carousel: key risks and practical steps for business.

🔮🔮🔮🔮

🔮2026-yil uchun kiberxavfsizlik prognozlari

2026-yil biznesga bosimni kuchaytiradi.
Kibertahdidlar IT-funksiyalar doirasidan tashqariga chiqib, kompaniyalarning moliyasi, obro‘si va barqarorligiga bevosita ta’sir ko‘rsatadi.

Hozirdanoq e’tiborga olish muhim bo‘lgan jihatlar:

✔️O‘zbekistonda raqamlashtirish himoya tizimlariga qaraganda tezroq rivojlanmoqda
✔️hujumlar AI ishlatish tufayli murakkablashadi
✔️AXga nisbatan tartibga solish talablari kuchaytirilmoqda
✔️xavfsizlikka rasmiy yondashuv endi ishlamaydi

2026-yilda kompaniyalar barqaror bo‘lib qoladi, ular strategiya, jarayonlar va odamlarga oldindan sarmoya kiritadilar.

🖥Karuselda: biznes uchun asosiy xavf-xatarlar va amaliy qadamlar keltirilgan.

🛒🎄О новогодних скидках

В преддверии праздников в Instagram, Facebook и Telegram участились случаи мошенничества под видом "новогодних акций" и распродаж.

❕Один из характерных признаков таких схем - оплата на международные карты (Visa, Mastercard)
Как правило, это объясняется нейтрально: "так удобнее", "местная карта временно недоступна", "оплата только таким способом".

После перевода средств связь с продавцом, как правило, прекращается.

✔️Важно учитывать:

❌переводы на международные карты невозможно отследить
✅переводы на локальные банковские системы (Uzcard / HUMO) в ряде случаев можно отследить по персональным данным владельца
❌ фото, видео и голосовые сообщения не являются подтверждением надёжности — чаще всего используется украденный контент
🟡злоумышленники часто действуют с иностранных номеров
🟡фейковые аккаунты, как правило, созданы недавно и используют подозрительные ссылки

⭐Рекомендации:

🔵не переводите предоплату незнакомым продавцам
🔵не переводите деньги международные платежные системы (Visa, Mastercard)
🔵делайте скриншоты переписки с отображением контакта продавца
🔵проверяйте информацию о продавце в открытых источниках
🔵доверяйте только официальным компаниям и магазинам с подтверждённой историей

____

🛒🎄About New Year's discounts

In the run-up to the holidays, there has been an increase in cases of fraud on Instagram, Facebook, and Telegram under the guise of “New Year's promotions” and sales.

❕One of the characteristic features of such schemes is payment to international cards (Visa, Mastercard).
As a rule, this is explained neutrally: “it's more convenient,” “the local card is temporarily unavailable,” “payment is only possible in this way.”

After the transfer of funds, communication with the seller usually ceases.

✔️Important to note:

❌Transfers to international cards cannot be traced.
✅Transfers to local banking systems (Uzcard/HUMO) can in some cases be traced using the owner's personal data.
❌Photos, videos, and voice messages are not proof of reliability — stolen content is most often used.
🟡Fraudsters often operate from foreign numbers.
🟡Fake accounts are usually recently created and use suspicious links.

⭐Recommendations:

🔵Do not make prepayments to unfamiliar sellers.
🔵Do not transfer money via international payment systems (Visa, Mastercard).
🔵Take screenshots of your correspondence showing the seller's contact details.
🔵Check information about the seller in open sources.
🔵Only trust official companies and stores with a proven track record.

Translated with DeepL.com (free version)