TLO Service: how a fraudster sold a secret database of debtors

[Brother]

The investigation revealed a simple and budget-friendly way to find out everything about your neighbors.

In a joint investigation of the portals 404 Media and Court Watch, it is reported that the authorities of the state of Baltimore, USA, accused a man of running a service for quick and cheap disclosure of personal data of Americans. Shuby Charleron, the alleged creator of the TLO service, is accused of selling personal data to more than 5,000 victims.

The data source is TLOxp, a powerful TransUnion consumer credit reporting agency data processing tool used by debt collectors and law enforcement agencies. But in this case, the data was used for credit card fraud. Charleron, known in one of the messengers as "The Real Jwet King", managed the "TLO LOOK UPS" chat with almost 800 participants. The court record does not specify which app was used to communicate with clients.

The data purchase process started with sending the target's name and address to Charleron. Then, for $25, he provided the requested information. In one case in March 2022, Charleron provided the data of five people just 3 minutes after the payment was received. The information included dates of birth, social security numbers, and phone numbers of victims. In some cases, people's driving licenses were also disclosed.

The investigation does not disclose how Charleron obtained the data. According to the source, TLO has become a brand for data sellers on the black market, without always pointing to the real source of data. TransUnion confirmed the misuse of TLOxp, but noted that fraudsters sometimes use data from other sources.

In one case, the data buyer used it to activate credit cards in the names of 80 victims. The attacker made unauthorized purchases worth more than $90,000 over the course of almost a year.

A criminal case was opened against Charleron. It is noted that the service worked from February 2020 to May 5, 2023. The investigation links Charleron's IP addresses to his residences in Baltimore and Laurel, Maryland. The owner of the TLO bot, which is involved in the investigation, said that the news does not bother him. He said that he has been doing this for many years, and to block his accounts, a massive purge will be required. The U.S. Postal Inspection Service did not comment.

 

[Carding Forum]

On the popular freelance platform, dozens of merchants sell access to the powerful TLOxp tool used by private detectives, law enforcement agencies, and insurance companies to obtain personal data of US residents. The tool provides not only social Security numbers (SSNs), but also unregistered phone numbers, utility data, physical addresses, and more.

Shadow Exchange

Dozens of sellers on the freelance platform Fiverr claim to have access to a powerful information tool used by private detectives, law enforcement agencies and insurance companies that contains personal data of most of the US population. This was announced in early July 2024 by the publication 404media.

On the Fiverr freelancing platform, a new service "doxing" has also appeared, which has become a new job for freelancers. The term "doxing "is an abbreviation of the English slang words" drop drop dox "(throw off documents)," dox " (documents). According to ads reviewed by experts from 404 Media, sellers offer potential buyers to dig into this data, including finding out people's SSN numbers for as little as $30. The advertised tool is TLOxp, supported by the TransUnion credit Bureau, and can also provide unregistered phone numbers, utilities, physical addresses, and more.

There is a high probability that many of these ads are scams that aim to take money from people without providing them with the requested data, or by obtaining it in another way and presenting the results as a TLOxp search. Be that as it may, the existence of these ads presents Fiverr with the challenge of content moderation.

404 Media has already talked about how TLOxp and similar tools have become a secret weapon in the digital underground: hackers and scammers use them to dox people in a matter of minutes. IT tools can be particularly powerful because some of them use credit header data, which is personal information that people provide to their financial institutions in the normal course of getting a credit card, which is then passed on to a wide network of other companies.

Search and open publication of personal information about a person

Typically, doxing is a malicious action directed against people with whom the attacker does not agree or is not on the best of terms. Doxing is the online disclosure of identifying information about someone, such as their real name, home address, place of work, phone number, financial and other personal information. This information is then distributed without the victim's permission.

Although the disclosure of personal information without the owner's permission took place before the advent of the Internet, the term doxing first appeared in the hacker subculture in the 1990s, where anonymity was considered sacred. Confrontations between competing hackers sometimes led to some deciding to "drop docs" others who were previously known only by their user name or pseudonym. The word "docs "became" dox", lost the prefix" drop " and eventually became a verb. Now the use of the term has gone beyond the hacker community and is used to describe the fact of disclosure of personal information. While the term is still used to describe exposing anonymous users, it has become less relevant as most use their real names on social media.

IT tool

When it comes to managing loan applications, credit unions often look for reliable and effective tools to verify information about applicants. While TransUnion's TLOxp is widely known for its skip tracking capabilities, its use in credit unions goes far beyond that task. The IT tool can be used to verify the information provided in loan applications, to ensure compliance with legal requirements, and to improve the decision-making process in credit unions.

The Fair Credit Reporting Act (FCRA) defines specific acceptable uses for consumer reports. For credit unions, the use of TLOxp must meet these goals, which include loan origination and other legitimate business needs.

TLOxp offers a reliable platform for verifying applicant data such as identity, address, and place of employment. This capability plays a crucial role in ensuring the accuracy and reliability of data used in making credit decisions.

Traditionally, TLOxp is used to find individuals for debt collection. However, its use at the initial stages of processing loan applications is no less valuable, as it helps to reduce the level of fraud and ensure the reliability of data.

Using an IT tool in a credit union requires strict compliance with privacy laws and regulations. This includes obtaining consent from individuals and ensuring that the data is used responsibly.

Credit unions should manage their relationship with TLOxp as a third-party service, ensuring compliance and consistency with vendor management best practices.

For employees using TLOxp, proper training and clear rules are important to ensure that they understand and comply with legal and ethical standards. By using this tool in compliance with legal requirements, credit unions can improve the accuracy and integrity of their credit decisions. As with any other powerful tool, its use must be balanced with a strong commitment to compliance with regulatory requirements and ethical standards.