2.7 billion records with American data leaked to open access

Friend

Friend

Professional
Messages
2,653
Reaction score
850
Points
113
The hacker forum published almost 2.7 billion records with personal information of US residents. The leak reveals the names, social security numbers, all known email addresses and possible aliases of the victims.

It is assumed that all this data was obtained from National Public Data, a company that collects personal data and then sells access to it for conducting biographical checks, collecting information about criminal records and working as private detectives. It is believed that National Public Data collects information from open sources in order to create individual profiles for residents of the United States and other countries.

The Bleeping Computer publication says that this story began in the spring of this year. So, in April 2024, a hacker under the nickname USDoD, said that he was selling 2.9 billion records containing personal data of citizens of the United States, Great Britain and Canada, which were stolen from National Public Data.

Then the attacker tried to sell the data for $ 3.5 million and claimed that the dump contains records about each resident of the listed countries. Back in April, journalists tried to contact representatives of National Public Data, but did not receive a response.

After this initial leak, different attackers published partial copies of this dump, and each leak involved a different number of records, and in some cases, the data itself was different.

Now, on August 6, 2024, a hacker under the nickname Fenice posted the most complete version of the data stolen from National Public Data on the Breached hack forum. At the same time, Fenice claims that the information was stolen not by the USDoD mentioned above, but by another attacker known under the pseudonym SXUL.

c678a02e58.jpg


The Fenice dump consists of two text files with a total volume of 277 GB, which contain almost 2.7 billion records in clear text (but not 2.9 billion, as originally stated by USDoD).

While researchers can't confirm that this leak contains information about every single person in the United States, many people have confirmed to the publication that in the dump you can actually find real information about themselves and their family members (including those who have already died). However, some people have told Bleeping Computer that the social security numbers in the dump are linked to other people they don't know, so clearly not all of the information in the database is accurate.

Each record contains: the person's name, mailing address, and social security number. Some records also include additional information, such as other names associated with that person. Previously, the leak also included phone numbers and email addresses, but the dump of 2.7 billion records does not contain them. However, the information is not encrypted and is provided in plain text.

Journalists emphasize that one person can have several records at once (one for each address where he lived). That is, the leak, of course, did not affect almost three billion people, as many media outlets mistakenly reported earlier.

It is also noted that the leak may be outdated, since in many cases the dump does not contain the current residential address of the victims. In other words, the data could have been taken from some old backups.

The leak, which occurred back in the spring, has already led to the filing of numerous class-action lawsuits against Jerico Pictures, the company behind the National Public Data business.

Representatives of the publication summarize that all US residents should assume that at least part of their personal data was leaked due to the attack on National Public Data. People are advised to carefully monitor their credit history for fraudulent activity, as well as to be vigilant against possible phishing by mail and via SMS, since the first versions of the dump included email addresses and phone numbers.
 
1723814690254.png


A database containing nearly 2.7 billion records with personal data of US residents has been freely available on Breach Forums. According to Bleeping Computer, it may be linked to an earlier dataset stolen by the USDoD group from National Public Data, a broker that collects information from publicly available sources to build individual profiles of users in the U.S. and other countries.

The data contains the names, Social Security numbers, and all known physical addresses of Americans. A similar lot was put up on the site in April 2024. Then it was about 2.9 billion records, among which there was information not only about Americans, but also about the residents of Canada and Britain. The cost of the database was estimated at 3.5 million dollars.

However, according to the author of the thread on Breached with the nickname Fenice, the current leak has nothing to do with the activities of USDoD. According to him, SXUL is responsible for the new leak. The database itself consists of two text files totaling 277 gigabytes. Bleeping Computer was able to confirm the accuracy of some of the information, but in some cases the database contains false information. Journalists note that several people can correspond to several records - according to the number of places in which he lived.
 
Last edited by a moderator:
Please note, if you want to make a deal with this user, that it is blocked.
Dilling said:
View attachment 10669
A database containing nearly 2.7 billion records with personal data of US residents has been freely available on Breach Forums. According to Bleeping Computer, it may be linked to an earlier dataset stolen by the USDoD group from National Public Data, a broker that collects information from publicly available sources to build individual profiles of users in the U.S. and other countries.


The data contains the names, Social Security numbers, and all known physical addresses of Americans. A similar lot was put up on the site in April 2024. Then it was about 2.9 billion records, among which there was information not only about Americans, but also about the residents of Canada and Britain. The cost of the database was estimated at 3.5 million dollars.


However, according to the author of the thread on Breached with the nickname Fenice, the current leak has nothing to do with the activities of USDoD. According to him, SXUL is responsible for the new leak. The database itself consists of two text files totaling 277 gigabytes. Bleeping Computer was able to confirm the accuracy of some of the information, but in some cases the database contains false information. Journalists note that several people can correspond to several records - according to the number of places in which he lived.
Click to expand...
Site link?
 
Interesting details raise the question of the authenticity of the data of 3 billion people.

In July, one of the largest data breaches in history occurred, related to the company National Public Data (NPD). The case caused a wide response in the press and became the subject of a class-action lawsuit, although the company remained little known to most people before the incident. Researchers Troy Hunt and Brian Krebs published detailed reviews of the vast array of stolen data.

National Public Data is a company that collects and processes large amounts of personal information to provide various services. Activities include checking records from the U.S. criminal records database, creating background reports, and selling data to mobile apps and background check sites. According to experts, the leak affected not only living people, but also the dead, which further complicates the situation.

The data leak became known in April, when the hacker "USDoD" posted more than 4 TB of data on the Breachforums forum. It was reported that the data of approximately 2.9 billion people was leaked, including social security numbers (SSNs), addresses and other personal data. However, many experts drew attention to the discrepancy in the numbers: the actual number of people is significantly less than the stated amount of data. For example, SSN numbers refer mainly to residents of the United States, while other identifiers are used in Canada and the United Kingdom. Such inconsistencies have raised questions about the reliability and origin of the leaked data.

Many media outlets misinterpreted the number of leaked data, indicating that 2.9 billion people were affected. In fact, this figure reflects the number of rows in the stolen datasets, not the number of affected users. However, it turned out that the data contains duplicate entries, which further confused the situation. For example, many rows contain the same social security numbers, but with different names and addresses. In other words, there may be a lot of duplicates in the claimed 2.9 billion rows, which casts doubt on the number of actual victims.

Atlas Data Privacy Corp. specialists we analyzed the stolen data and reported that it contains 272 million unique SSNs. Most of the entries include name, SSN, and home address, with 26% of the entries also containing phone numbers. Interestingly, a significant part of the data relates to deceased people, and the average age of the victims is 70 years.

In July, the leaked data became available to a wide range of individuals, and NPD notified customers about the data compromise. Particular attention was drawn to the fact that the leak did not contain the data of those people who previously refused to collect and process data, which confirmed the legality of the company's actions. NPD claims to cooperate with law enforcement agencies and conduct an investigation, promising to notify users of further changes in the situation.

Despite the severity of the incident, the exact origin of the data remains unclear. Hackers involved in the dissemination of information regularly published new pieces of data, but the total amount of data did not correspond to the claimed 4 TB. In addition, there were coincidences with previous data leaks from other sources, which raised suspicions that some of the data could have been collected from various sources, including NPD.

Particularly troubling was the fact that some of the data contained inaccurate information. For example, there were records in the database with incorrect dates of birth and inappropriate names. This created additional difficulties for those who were trying to assess the scale of the leak and its consequences.

NationalPublicData.com It is operated by Jerico Pictures Inc., founded by former Broward County Sheriff's Deputy Salvatore Verini. In addition to his data collection activities, Verini is also known for his film roles and producing various documentaries. However, the company does not disclose the sources from which it receives data for its services.

Users whose data may have been compromised are strongly advised to freeze their accounts to prevent possible fraud. It is also important to check your accounts regularly and immediately challenge any suspicious data.

Source
 
Interesting details raise the question of the authenticity of the data of 3 billion people.

In July, one of the largest data breaches in history occurred, related to the company National Public Data (NPD). The case caused a wide response in the press and became the subject of a class-action lawsuit, although the company remained little known to most people before the incident. Researchers Troy Hunt and Brian Krebs published detailed reviews of the vast array of stolen data.

National Public Data is a company that collects and processes large amounts of personal information to provide various services. Activities include checking records from the U.S. criminal records database, creating background reports, and selling data to mobile apps and background check sites. According to experts, the leak affected not only living people, but also the dead, which further complicates the situation.

The data leak became known in April, when the hacker "USDoD" posted more than 4 TB of data on the Breachforums forum. It was reported that the data of approximately 2.9 billion people was leaked, including social security numbers (SSNs), addresses and other personal data. However, many experts drew attention to the discrepancy in the numbers: the actual number of people is significantly less than the stated amount of data. For example, SSN numbers refer mainly to residents of the United States, while other identifiers are used in Canada and the United Kingdom. Such inconsistencies have raised questions about the reliability and origin of the leaked data.

Many media outlets misinterpreted the number of leaked data, indicating that 2.9 billion people were affected. In fact, this figure reflects the number of rows in the stolen datasets, not the number of affected users. However, it turned out that the data contains duplicate entries, which further confused the situation. For example, many rows contain the same social security numbers, but with different names and addresses. In other words, there may be a lot of duplicates in the claimed 2.9 billion rows, which casts doubt on the number of actual victims.

Atlas Data Privacy Corp. specialists we analyzed the stolen data and reported that it contains 272 million unique SSNs. Most of the entries include name, SSN, and home address, with 26% of the entries also containing phone numbers. Interestingly, a significant part of the data relates to deceased people, and the average age of the victims is 70 years.

In July, the leaked data became available to a wide range of individuals, and NPD notified customers about the data compromise. Particular attention was drawn to the fact that the leak did not contain the data of those people who previously refused to collect and process data, which confirmed the legality of the company's actions. NPD claims to cooperate with law enforcement agencies and conduct an investigation, promising to notify users of further changes in the situation.

Despite the severity of the incident, the exact origin of the data remains unclear. Hackers involved in the dissemination of information regularly published new pieces of data, but the total amount of data did not correspond to the claimed 4 TB. In addition, there were coincidences with previous data leaks from other sources, which raised suspicions that some of the data could have been collected from various sources, including NPD.

Particularly troubling was the fact that some of the data contained inaccurate information. For example, there were records in the database with incorrect dates of birth and inappropriate names. This created additional difficulties for those who were trying to assess the scale of the leak and its consequences.

NationalPublicData.com It is operated by Jerico Pictures Inc., founded by former Broward County Sheriff's Deputy Salvatore Verini. In addition to his data collection activities, Verini is also known for his film roles and producing various documentaries. However, the company does not disclose the sources from which it receives data for its services.

Users whose data may have been compromised are strongly advised to freeze their accounts to prevent possible fraud. It is also important to check your accounts regularly and immediately challenge any suspicious data.

Source
 
In July, one of the largest data breaches in history involving National Public Data (NPD) occurred. The case caused widespread media coverage and became the subject of a class action lawsuit, although the company remained unknown to most people before the incident. Researchers Troy Hunt and Brian Krebs have published detailed reviews of the vast array of stolen data.

National Public Data is a company that collects and processes large amounts of personal information to provide various services. Activities include checking records from the U.S. Criminal Records Database, creating reports on a person's past, and selling data to mobile apps and background check sites. According to experts, the leak affected not only living people, but also the dead, which further complicates the situation.

The data leak came to light in April, when the hacker "USDoD" published more than 4 TB of data on the Breachforums forum. It was reported that the data of approximately 2.9 billion people was leaked, including Social Security numbers (SSNs), addresses, and other personal data. However, many experts drew attention to the discrepancy in the numbers: the actual number of people is much less than the declared amount of data. For example, SSNs refer primarily to residents of the United States, while Canada and the United Kingdom use other identifiers. Such inconsistencies raised questions about the reliability and origin of the leaked data.

Many media outlets misinterpreted the amount of leaked data, indicating that 2.9 billion people were affected. In fact, this figure reflects the number of rows in the stolen datasets, not the number of affected users. At the same time, it turned out that the data contained duplicate records, which further confused the situation. For example, many lines contain the same Social Security numbers, but with different names and addresses. In other words, there may be many duplicates in the claimed 2.9 billion lines, which casts doubt on the number of actual victims.

Atlas Data Privacy Corp. analyzed the stolen data and reported that it contained 272 million unique SSNs. Most records include name, SSN, and home address, with 26% of records also containing phone numbers. Interestingly, a significant part of the data relates to deceased people, and the average age of the victims is 70 years.

In July, the leaked data became available to a wide range of people, and NPD notified customers that the data was compromised. Particular attention was drawn to the fact that the leak did not contain the data of those people who had previously refused to collect and process data, which confirmed the legality of the company's actions. The NPD claims to be cooperating with law enforcement and is investigating, promising to notify users of further changes to the situation.

Despite the seriousness of the incident, the exact origin of the data remains unclear. Hackers involved in the dissemination of information regularly published new pieces of data, but the total amount of data did not correspond to the declared 4 TB. In addition, there were overlaps with previous data breaches from other sources, raising suspicions that some of the data may have been collected from various sources, including NPD.

Particularly disturbing was the fact that some of the data contained inaccurate informationIn addition, the Turks and For example, there were records in the database with incorrect dates of birth and inappropriate names. This created additional difficulties for those who tried to assess the scale of the leak and its consequences.

NationalPublicData.com is operated by Jerico Pictures Inc., founded by former Broward County Sheriff's Deputy, Salvatore Verini. In addition to his data collection activities, Verini is also known for his film roles and producing various documentaries. However, the company does not disclose the sources from which it obtains data for its services.

Users whose data may have been compromised are strongly advised to freeze their accounts to prevent possible fraud. It's also important to check accounts regularly and dispute any suspicious data promptly.

• Source: https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/

• Source: https://krebsonsecurity.com/2024/08/nationalpublicdata-com-hack-exposes-a-nations-data/
 
You must log in or register to reply here.

Similar threads

Carding Forum
The Dark Side of Big Data: How the lives of millions of Americans ended up on the Darknet
Replies
0
Views
131
Carding Forum
Carding Forum
chushpan
🚗 Jaguar Land Rover source code and tracking data leaked, hackers claim
Replies
0
Views
139
chushpan
chushpan
Man
$6000 for your career: 183 million professionals woke up famous on the darknet
Replies
0
Views
119
Man
Man
chushpan
🔵 Hackers claim Orange hack, 'very detailed' data
Replies
0
Views
85
chushpan
chushpan
Man
Ford Investigates Customer Data Breach
Replies
0
Views
102
Man
Man
Back
Top