Since April, a hacker with a history of selling stolen data has claimed a data breach of billions of records – affecting at least 300 million people – from a US data broker, which would make it one of the biggest alleged data breaches of the year.
The data, seen by TechCrunch, looks partially legitimate, if imperfect. The stolen data, which was advertised on a well-known cybercrime forum, reportedly dates back years and includes US citizens’ full names, residential address history and Social Security numbers – data that is widely available for sale from data brokers.
However, confirmation of the source of the alleged data theft has proven elusive. This is the nature of the data broker industry, which gobbles up people’s personal data from disparate sources with little to no quality control.
The alleged data broker, according to the hacker, is National Public Data, which bills itself as “one of the largest providers of public records on the Internet.”
On its official website, National Public Data claims to sell access to multiple databases: a “People Finder” where customers can search by Social Security number, name and date of birth, address or phone number; a database of US consumer data “covering more than 250 million people;” a voter registration database containing information on 100 million US citizens; a criminal records database; and much more.
The malware research group vx-underground said on X (formerly Twitter) that they reviewed the entire stolen database and could “confirm that the data in it is real and accurate.”
“We tracked down several individuals who consented to having their information searched,” the group wrote, adding that they were able to find those individuals’ information, including names, address history dating back more than three decades, and Social Security numbers.
“It also allowed us to find their parents and closest siblings. We were able to identify some [sic] parents, deceased relatives, uncles, aunts and cousins,” vx-underground wrote.
TechCrunch made similar efforts to verify the authenticity of the data, with mixed results.
In reviewing a smaller sample of five million records, we found groups of names and addresses that matched the corresponding public records, but also some data that didn’t always make sense, such as email addresses with different names that had no apparent connection to the rest of the data connected to that person. Some files allegedly contained information about well-known high-profile figures, including the personal data of a former US president.
TechCrunch provided USDoD, the hacker selling the data, with the names of eight people who gave their consent in an attempt to verify that the hacker actually has legitimate data. The hacker did not return any information about the eight people.
TechCrunch also reached out to a hundred people whose numbers and emails were in the sample. Only one person responded and confirmed that some of their allegedly stolen data was accurate, but not all.
Going straight to the alleged source of the data theft didn’t answer much.
Despite several attempts to contact the company, National Public Data has not responded, nor has its founder and CEO Salvatore Verini. After TechCrunch first contacted National Public Data last week, the company pulled pages on its website detailing the databases it sells access to.
Not all data breaches claimed by hackers turn out to be real, especially those advertised on hacking forums. That’s why TechCrunch and other cybersecurity reporters often spend significant time trying to verify a data breach, efforts that sometimes end up with inconclusive results.
However, this alleged breach of a data broker appears to be an extreme case, in part because some of the data appears genuine and some has already been verified.
The proliferation and commoditization of personal data across the data broker industry also make it more difficult to trace the source of data leaks. And even if this particular data breach remains unsolved, it shows once again that the data broker industry is out of control and poses real privacy issues for ordinary people.
We couldn’t definitively solve the mystery of this data breach, but there was enough to explain our verification efforts. One thing is clear: since data brokers collect personal information, there is a risk that the data will be deleted.