Tag: data

Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records

Nearly 2.7 billion personal information records for people in the United States have been posted to a popular hacking forum, exposing names, addresses, and even Social Security numbers. The data allegedly comes from a company that collects and sells the data for legitimate use, but was stolen and put up for sale in April 2024.

Originally, a threat actor known as USDoD claimed to have stolen the information from National Public Data. National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those portfolios. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

When USDoD first obtained the data, it offered to sell it for $3.5 million. The hacker claimed it contained 2.9 billion records and consisted of personal information for every person in Canada, the United Kingdom, and the United States. In the past, USDoD has been linked to another database breach, trying to sell InfraGard’s user database for $50,000 in December 2023.

On Aug. 6, a user going by the alias Fenice posted what’s believed to be the most complete version of the stolen National Public Data information for free on the Breached hacking forum. Fenice says, however, that the data breach was actually done by a different hacker than USDoD, one known as SXUL.

This isn’t the first time the data from this leak has been released, but previous posts have only included partial copies of the data. These included different numbers of records and sometimes different data. Fenice has offered the most complete version of the National Public Data information and has provided it for free.

Keep reading

Almost Entire US State Becomes Victim of Major Data Breach

A significant data breach in Maine has compromised the personal information of at least 1.3 million residents.

This breach, reported by The Hill, occurred earlier this year and involved a cyberattack on the MOVEit file transfer system. This system is widely used by various government agencies at both state and federal levels. The breach resulted in the exposure of names, dates of birth, social security numbers and government IDs of potentially all 1.38 million residents in Maine.

The cyberattack, initiated by a Russian ransomware group, had a global impact, affecting at least 70 million people. The Maine government, in a press release, stated, “Since the onset of the incident, the cybercriminals involved claimed their primary targets were businesses, with a promise to erase data from certain entities, including governments.” However, despite assurances from the cybercriminals that data obtained from governments has been erased, the state is urging individuals to protect their personal information.

Keep reading

LEXISNEXIS IS SELLING YOUR PERSONAL DATA TO ICE SO IT CAN TRY TO PREDICT CRIMES

THE LEGAL RESEARCH and public records data broker LexisNexis is providing U.S. Immigration and Customs Enforcement with tools to target people who may potentially commit a crime — before any actual crime takes place, according to a contract document obtained by The Intercept. LexisNexis then allows ICE to track the purported pre-criminals’ movements.

The unredacted contract overview provides a rare look at the controversial $16.8 million agreement between LexisNexis and ICE, a federal law enforcement agency whose surveillance of and raids against migrant communities are widely criticized as brutal, unconstitutional, and inhumane.

“The purpose of this program is mass surveillance at its core,” said Julie Mao, an attorney and co-founder of Just Futures Law, which is suing LexisNexis over allegations it illegally buys and sells personal data. Mao told The Intercept the ICE contract document, which she reviewed for The Intercept, is “an admission and indication that ICE aims to surveil individuals where no crime has been committed and no criminal warrant or evidence of probable cause.”

While the company has previously refused to answer any questions about precisely what data it’s selling to ICE or to what end, the contract overview describes LexisNexis software as not simply a giant bucket of personal data, but also a sophisticated analytical machine that purports to detect suspicious activity and scrutinize migrants — including their locations.

Keep reading

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

Keep reading

Scraped data of 1.5 BILLION Facebook users offered for sale on the dark web – reports

Facebook, Messenger, Instagram, and WhatsApp are all down, but CEO Mark Zuckerberg has another headache: The personal data of 1.5 billion customers, scraped from his platform, is reportedly being offered for sale on the dark web.

User IDs, real names, email addresses, phone numbers, and locations are among the data of more than 1.5 billion Facebook customers that’s up for sale, according to a report on the cybersecurity news outlet Privacy Affairs on Monday. The going price has been quoted as $5,000 for a million names.

The data “appears to be authentic” and was obtained through “scraping” – getting the information that users set to ‘public’ or allow quizzes or other questionable apps or pages to access.

It’s the “biggest and most significant Facebook data dump to date,” according to the publication – about three times greater than the April leak of 533 million phone numbers. Facebook said at the time this was “old data” and the security vulnerability responsible had been patched back in 2019.

Privacy Affairs reported that one purported buyer was quoted the price of $5,000 for a million entries. Another user claimed they had paid the seller but had received nothing, and the seller had not yet responded. The samples of data provided to the unnamed “popular hacking-related forum” appeared to be real, the outlet said.

Facebook, Messenger, WhatsApp, and Instagram, all owned by Zuckerberg’s social media behemoth, were struck by a serious global outage that began on Monday. However, the data dump doesn’t appear to be related to the outage itself.

Keep reading

John Ioannidis Warned COVID-19 Could Be a “Once-In-A-Century” Data Fiasco. He Was Right

On Thursday, a Florida health official told a local news station that a young man who was listed as a COVID-19 victim had no underlying conditions.

The answer surprised reporters, who probed for additional information.

“He died in a motorcycle accident,” Dr. Raul Pino clarified. “You could actually argue that it could have been the COVID-19 that caused him to crash. I don’t know the conclusion of that one.”

The anecdote is a ridiculous example of a real controversy that has inspired some colorful memes: what should define a COVID-19 death?

While the question is important, such incidents may be just the tip of the proverbial iceberg regarding the unreliability of COVID-19 data.

Keep reading