Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
New details of the largest leak of personal data have been discovered.
New details of the National Public Data (NPD) data leak have become known. A company that works with NPD and has access to the same databases accidentally published the passwords to the databases directly on its website.
The incident became known in April 2024, when a USDoD hacker began selling stolen NPD data. In July, more than 272 million people were leaked online, including names, SSN numbers, addresses, and phone numbers. After publishing about the scale of the leak, one of the readers of KrebsOnSecurity reported that the NPD-related data check service recordscheck[.]net accidentally posted an archive with administrator usernames and passwords on its website. The archive was available on the website until August 19.
The archive contained cleartext passwords for various components of the recordscheck website, which is similar in appearance and functionality to nationalpublicdata. The archive also found evidence that users were originally assigned the same six-digit password, which many never changed.
In addition, these passwords are the same as those compromised in previous leaks involving the accounts of NPD founder Salvatore Verini. Verini confirmed that the archive had been deleted and recordscheck would soon cease to operate. Verini also clarified that the archive contained an old version of the site with a broken code and passwords, and that the investigation of the incident is still ongoing.
The site was developed by Creation Next, a company from Pakistan, which has not yet commented.
Several sites have already appeared on the Internet that allow users to check whether their personal information has been compromised as a result of this leak. One such site is npdbreach[.]com, and the other is npd[.]pentester[.]com. Both resources showed that the NPD data is outdated and contains many inaccuracies.
Users whose data may have been compromised are strongly advised to freeze their accounts to prevent possible fraud. It's also important to check accounts regularly and dispute any suspicious data promptly.
National Public Data is a company that collects and processes large amounts of personal information to provide various services. Activities include checking records from the U.S. Criminal Records Database, creating reports on a person's past, and selling data to mobile apps and background check sites. According to experts, the leak affected not only living people, but also the dead, which further complicates the situation.
Source
New details of the National Public Data (NPD) data leak have become known. A company that works with NPD and has access to the same databases accidentally published the passwords to the databases directly on its website.
The incident became known in April 2024, when a USDoD hacker began selling stolen NPD data. In July, more than 272 million people were leaked online, including names, SSN numbers, addresses, and phone numbers. After publishing about the scale of the leak, one of the readers of KrebsOnSecurity reported that the NPD-related data check service recordscheck[.]net accidentally posted an archive with administrator usernames and passwords on its website. The archive was available on the website until August 19.
The archive contained cleartext passwords for various components of the recordscheck website, which is similar in appearance and functionality to nationalpublicdata. The archive also found evidence that users were originally assigned the same six-digit password, which many never changed.
In addition, these passwords are the same as those compromised in previous leaks involving the accounts of NPD founder Salvatore Verini. Verini confirmed that the archive had been deleted and recordscheck would soon cease to operate. Verini also clarified that the archive contained an old version of the site with a broken code and passwords, and that the investigation of the incident is still ongoing.
The site was developed by Creation Next, a company from Pakistan, which has not yet commented.
Several sites have already appeared on the Internet that allow users to check whether their personal information has been compromised as a result of this leak. One such site is npdbreach[.]com, and the other is npd[.]pentester[.]com. Both resources showed that the NPD data is outdated and contains many inaccuracies.
Users whose data may have been compromised are strongly advised to freeze their accounts to prevent possible fraud. It's also important to check accounts regularly and dispute any suspicious data promptly.
National Public Data is a company that collects and processes large amounts of personal information to provide various services. Activities include checking records from the U.S. Criminal Records Database, creating reports on a person's past, and selling data to mobile apps and background check sites. According to experts, the leak affected not only living people, but also the dead, which further complicates the situation.
Source
