The details have been revealed concerning a hack of National Public Data (NPD) the consumer data broker which recently leaked thousands of Americans’ Social Security Numbers addresses, addresses, and phone numbers on the internet. KrebsOnSecurity discovered that another NPD data broker who has with them the access rights to records of consumers accidentally published passwords for its database back-end in a database which was accessible for free from its website until the present.
Then, in April of this year, an online criminal dubbed USDoD started selling stolen data from NPD. In July, an individual released the stolen data which included address, names and telephone numbers and, in some instances, email addresses of more than 272 million individuals (including some who are dead).
NPD confirmed the breach on August. 12, stating that it was a result of the security breach in the month of December 2023. In a recent interview, USDoD blamed the July data leak on a malicious hacker that has access to company’s database which they claimed was in the shadows since the month of December 2023.
Following the story last week about the magnitude of the NPD breach A reader was notified by KrebsOnSecurity that a similar NPD property -the background search service recordscheck.net hosted an archive that contained the usernames and passwords of the administrator of the site.
A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages.
The archive that was exposed and filename “members.zip,” indicates RecordsCheck users were initially given the same password with six characters and were instructed to change it. However, most did not.
According to the breach monitoring company Constella Intelligence, the passwords contained within the archive of source codes are similar to those exposed in earlier security breaches involving accounts with NPD’s founder, a famous actor and former deputy sheriff from Florida known as Salvatore “Sal” Verini.
Contacted by email via email, the Mr. Verini said the exposed archive (a .zip file) that contained recordscheck.net credentials was removed from the website of the company and the website will be shut down “in the next week or so.”
“Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords,” Verini said to KrebsOnSecurity. “Regarding your query this is an ongoing investigation that we are unable to comment at the moment. However, once we are able to then, we’ll be there with you, when we read your blog. It’s very informative.”
The leak of recordscheck.net source code suggests that the website was designed by a web-development company with its headquarters within Lahore, Pakistan called creationnext.com that did not reply to messages requesting comments. CreationNext.com’s homepage includes a glowing review by Sal Verini.
A review by Sal Verini on the homepage of CreationNext The Lahore web-based development company that allegedly created NPD as well as RecordsCheck.
There are a number of websites set up to aid people in determining the extent to which their SSN as well as other information was accessed in the breach. One of them is npdbreach.com which is a lookup site developed in the name of Atlas Data Privacy Corp. A second lookup service is accessible at npd.pentester.com. Both websites reveal NPD had outdated and mostly incorrect information on Yours Truly.
The best suggestion for anyone worried about this breach is to lock down your credit file with all of the leading consumer report bureaus. The fact that you have a frozen file makes it harder for thieves who steal your identity to set up new accounts under your name. It also makes it harder for anyone to access your credit data.
The idea of freezing your data is great idea since all the information ID thieves require to establish your identity is accessible from multiple sources because of the numerous security breaches that we’ve witnessed which involved SSN information and other important statically-based data points about individuals.
Screenshots of Telegram’s ID theft service selling background reports through compromised law enforcement accounts at USInfoSearch.
There are many cybercriminal service providers that provide detailed background checks for clients, which include complete SSNs. These services are driven by compromised accounts at data brokers, which serve private investigators as well as law enforcement officials. they are also completely automated through Telegram instant messaging bots.
On November 20, 2023 KrebsOnSecurity reported on a of these services that was operated by compromised accounts of USInfoSearch, the U.S. the consumer information broker USInfoSearch.com. It is interesting due to the leak of source code that states that Records Check pulled background reports on individuals by querying NPD’s database, as well as records from USInfoSearch. KrebsOnSecurity requested comment about the issue from USInfoSearch in order to update the story should they respond.
The key is that if you’re an American who hasn’t had their credit file, and you haven’t experienced any kind of account fraud that’s new, ID thieves aren’t even able to contact you yet.
All Americans have the right to receive a free copy your credit report each week from all three credit agencies that are the largest. There was a time when consumers could get one FREE report per bureau each year, however in October 2023, the Federal Trade Commission announced the bureaus had been able to extend a program that allows you to check your credit report at least once per week for no cost.
If you haven’t taken this step for a while, this is the perfect opportunity to get your files ordered. In order to place a freeze you’ll have to open an account with any of three main reporting bureaus: Equifax, Experian and TransUnion. After you’ve set up an account, you’ll be able review and even block your file of credit. If you find any errors like random names and addresses that you’re not familiar with Do not overlook the errors. Redress any errors you detect.
