National
Public
Data
(NPD)
confirmed
last
week
that
it
suffered
a
security
breach
dating
back
to
December
last
year.
An
alleged
stolen
NPD
database
containing
2.9
billion
lines
of
data,
including
Social
Security
numbers,
was
advertised
on
the
dark
web
in
April
by
a
hacker
group
known
as
USDoD
for
$3.5
million,
and
the
stolen
data
has
since
been
posted
publicly
in
various
locations.
Now,
Krebs
On
Security
reports
a
roughly
identical
website
to
NPD
called
recordscheck.net
was
found
to
be
hosting
an
archive
containing
site
logins
as
well
as
source
code
for
some
of
the
site’s
tools
in
plaintext.
That
would’ve
been
enough
information
to
access
the
same
consumer
records
as
NPD.
The
now-removed
file
contained
email
data
belonging
to
NPD
founder
Salvatore
Verini,
an
actor
and
retired
sheriff’s
deputy
from
Florida.
In
an
email
exchange
with
Krebs
On
Security,
Verini
wrote
that
the
file
contained
an
old
website
version
with
“non-working
code,”
and
the
site
will
cease
operations
“in
the
next
week
or
so.”
Verini
did
not
comment
further,
citing
an
“active
investigation.”
Krebs
On
Security
also
found
that
Verini
wrote
a
positive
testimonial
for
Creation
Next,
a
web
developer
company
mentioned
in
the
archived
source
code.
Since
the
leak
on
the
hacker
forum
last
month,
several
websites
like
npdbreach.com,
from
Atlas
Data
Privacy
Corp,
and
npd.pentester.com
have
popped
up,
saying
they
offer
searches
to
find
out
if
your
information
is
included
in
the
leak.
Using
these
services,
of
course,
means
you
need
to
put
your
name,
birth
year,
and
perhaps
your
SSN
into
someone’s
form.
As
Krebs
notes,
given
the
many
leaks
that
have
already
revealed
similar
information,
the
best
course
of
action
available
may
be
to
put
a
freeze
on
your
credit
report
with
the
major
bureaus
(Equifax,
Experian,
and
TransUnion)
and
take
advantage
of
the
free
weekly
credit
reports
you
are
entitled
to.
(Originally posted by Umar Shakir)
Comments