Major Data Firms Hacked - Thieves Selling Info

[ritchie58]

An illegal service that sells personal data "on any U.S. resident" -- which can then be used for identity theft -- hacked into servers at several major data aggregators including LexisNexis and Dun & Bradstreet, according to a report.

The service's customers have, the report said, "spent hundreds of thousands of dollars looking up SSNs, birthdays, driver's license records, and obtaining unauthorized credit and background reports on more than 4 million Americans."

In an article Wednesday, former Washington Post reporter Brian Krebs, who now writes the KrebsOnSecurity blog, outlined how a site called Expose.su managed earlier this year to post financial information on celebrities and government officials.

The site's activities triggered an FBI investigation, in part because Expose.su managed to publish the Social Security Number, address, and a credit report of then-FBI Director Robert Mueller.

According to Krebs, Expose.su (think "exposes you") got its info from another site, ssndob.ms, or SSNDOB (think "Social Security Number" and "date of birth"), which got the data by way of a small botnet it operates. The botnet appears to have access to compromised servers at several large data brokers in the United States, including LexisNexis, Dun & Bradstreet, and Kroll Background America. (And, in regard to the bot program installed on the hacked servers, Krebs reported that "none of the 46 top antimalware tools on the market today detected it as malicious.")

LexisNexis maintains one of the world's biggest electronic databases for legal and public-records related information; Dun & Bradstreet licenses info on businesses for use in credit decisions; and Kroll -- now a part of HireRight -- provides services related to employment background, drug, and health screenings, Krebs noted.

"All three victim companies said they are working with federal authorities and third-party forensics firms in the early stages of determining how far the breaches extend, and whether indeed any sensitive information was accessed and exfiltrated from their networks," Krebs said.

Krebs, who got his hands on a copy of SSNDOB's database, reported that a closer examination of it indicates that since SSNDOB came on the scene early last year, the service has sold more than 1.02 million unique SSNs and nearly 3.1 million date of birth records.

SSNDOB markets itself on underground cybercrime forums, Krebs said, and sells data at prices that "range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks. Customers pay for their subscriptions using largely unregulated and anonymous virtual currencies, such as Bitcoin and WebMoney." Krebs also said SSNDOB appears "to have licensed its system for use by at least a dozen high-volume users" and that there's some evidence these users "are operating third-party identity theft services."

The FBI confirmed that a bureau investigation into the SSNDOB server hacks is ongoing, Krebs reported, adding that a spokesperson wouldn't provide any details.

You can read Krebs' story here.

 

Article by, Edward Moyer: Associate Editor at CNET News

[Jose]

Hey Ritchie,

 

That actually came up in the office yesterday.

 

It's a good, and quite disturbing, read.

 

-Jose

[ritchie58]

You got that right Jose! Over four million Americans personal information stolen, "holy smoke!" These firms are going to be taking a good hard look at thier security solutions to figure out how these breaches were perpertrated by this botnet infection no doubt.

[Zurchiboy]

Wow...That is disturbing. Hopefully those that were stolen didn't contain our info.

[ritchie58]

The most prudent thing to do for these firms is to notify, either by snail mail or email, the people that may have been affected to keep a good eye on their credit card expenditures for any unauthorized purchases. Sometimes firms will offer free credit reports to customers if they've been hacked. Credit Karma is a good free service to monitor your credit too.

 

I was working for a now out of business company called TRG Solutions that operated a calling center here in Oil City that was contracted by the TJ Max/Marshalls chain when they got hacked a number of years ago. We offered affected customers, via a toll free number they recieved in the mail, free credit reports from both Equifax and Experian for one year (if they wanted it of course) and offering info on what to do if they think they were actually victims of ID theft and how to protect their identity in the future. Doin' damage control for the company. That brings back some memories, lol!