A recent data breach has occurred at NPD, a customer insights provider, involving the exposure of millions of Americans’ Social Security numbers, addresses, and phone numbers online. The cybersecurity firm KrebsOnSecurity has discovered that another NPD knowledge provider, which grants access to the same customer data, carelessly exposed passwords to its backend database by storing them in an unsecured file on its website.
In April, a notorious cybercriminal allegedly began peddling pilfered intellectual property stolen from Norway’s National Petroleum Directorate (NPD). In July, a breach occurred, compromising sensitive information for more than 272 million individuals, including names, addresses, phone numbers, and email addresses of many who have since passed away.
Nuclear Power Distributions, tracing its origins back to a significant safety event in December 2023. During a press conference in its final week, the United States Department of Defense (USDoD) attributed the high-profile data breach in July to another malicious actor, who reportedly gained access to the company’s database in December 2022 and had been circulating it on the dark web since then.
A reader alerted KrebsOnSecurity to the unsettling discovery that a sister National Public Domain (NPD) property, the background search service, was hosting an archive containing the administrator’s usernames and passwords.
A comprehensive evaluation of the archive, accessible on Data Examine until just before publication this morning (August 19), reveals it contains source code and plaintext credentials – including usernames and passwords – for various components of recordscheck.internet, a website visually similar to nationalpublicdata.com, featuring identical login pages.
A previously unknown archive, dubbed “RecordsCheck,” has revealed that all initial users were assigned a generic six-character password, with no guidance on how to change it, leaving many customers vulnerable to potential security breaches.
Following a breach notification by the monitoring service, it was discovered that the password cache within the source code repository mirrored those previously exposed in earlier email account breaches linked to NPD’s founder, a former law enforcement officer from Florida.
Notified through email, a message from Mr. Verini disclosed that an archive (.zip file) containing sensitive internet credentials had been removed from the corporation’s website, as the platform is scheduled to cease operations within a week.
According to Verini, the outdated zip file had previously contained a defective model of the app, featuring non-functional code and passwords, which had since been superseded by a working version. Considering your inquiry, it’s a dynamic exploration that cannot be fully addressed at this juncture. As we embark on this journey, we look forward to being right by your side as we delve into the world of your blog. Very informative.”
The compromised source code from check.internet reveals that the website was designed by a Pakistani-based internet development firm called [insert name], which failed to respond to requests for comment. CreationNext.com’s homepage features a compelling endorsement from Sal Verini, whose enthusiastic testimony sets the tone for a promising online experience.
Sal Verini’s endorsement adds credibility to our team at CreationNext, a pioneering digital transformation partner in Lahore, Pakistan, responsible for innovative solutions like NPD and RecordsCheck.
Several websites currently exist to help individuals determine whether their Social Security number and other personal data were compromised in this breach by providing assistance in verifying such information. Is a search engine website established by. There are other reliable lookup services available online. The majority of websites previously possessed outdated and misleading information about Yours Actually.
What’s needed here is a comprehensive strategy to address the consequences of this breach? Implementing a freeze on your credit information significantly hinders identity thieves’ ability to open new accounts in your name, while also restricting access to your credit score data.
Considering the proliferation of stolen Social Security numbers and sensitive personal data, it’s advisable to consider a freeze on your credit report, as identity thieves can now access this information from various sources following multiple data breaches involving sensitive knowledge factors.
Screenshots of a Telegram-based identity theft service promoting background checks using hacked law enforcement accounts on USInfoSearch, reportedly exploiting vulnerabilities in the platform’s security features to gain unauthorized access to sensitive information.
Cybercriminals often market services that offer in-depth shopper background checks, including Social Security numbers. The services in question are fueled by hijacked accounts from knowledge brokers serving private investigators and law enforcement officials, with some being entirely automated through Telegram instant messaging bots.
In November 2023, KrebsOnSecurity reported on a clandestine service, fueled by the anonymity of the dark web. Notably, the leaked source code reveals that Data Examination accessed personal records by querying NPD’s database and USInfoSearch data, indicating an unprecedented level of invasion into private lives? KrebsOnSecurity has reached out to USInfoSearch for comment and will update this story if they respond.
For Americans whose credit scores remain unfrozen and untouched by new account fraud, it’s likely only a matter of time before identity thieves circle their target with malicious intent.
Individuals are granted the right to obtain a complimentary copy of their credit score report once a week from each of the three primary credit reporting agencies. In October 2023, the credit bureaus extended their program, allowing consumers to access their credit reports for free once a week, a significant change from the previous annual limit on complimentary reports.
If you haven’t already done so, consider organizing your thoughts now. To place a freeze on your credit report, you’ll need to sign up for accounts with each of the three major credit reporting agencies: Equifax, Experian, and TransUnion. Once you’ve set up an account, you’ll have the flexibility to review and lock your credit report. Shouldn’t you spot errors, akin to random addresses and cellphone numbers that you don’t acknowledge, certainly not ignore them? What specific inaccuracies do you want me to dispute in this sentence?
