Massive data breach compromises billions of personal records

Protecting your data at home is no longer enough.

A massive amount of personal data involving individuals in Canada, the United Kingdom, and the United States has been shared on a hacking forum. This is a dream for those behind phishing attacks but a nightmare for the rest of us.

A hacker called Fenice has leaked 277.1GB of personal data, containing around 2.7 billion records, on a hacking forum. Initially, a hacker going by the name USDoD claimed responsibility for the data theft, attempting to sell it for $3.5 million. However, on August 6, Fenice released a more complete version, crediting another hacker named SXUL.

These files have apparently been obtained from the company National Public Data, which collects personal information from public records to be sold. This could include names, past and current addresses, birth dates, and even social security numbers. The company then compiles this data into profiles about each individual, which can be sold to be used for background checks, among other things.

Unfortunately for the people concerned, National Public Data’s security was, to put it simply, catastrophic, as this data was stored in plain text instead of being encrypted. And the worst part is that impacted people may not even know about this until it’s too late. Understandably, a lawsuit has been filed against National Public Data, alleging that it also scraped data from non-public sources without individuals’ consent.

Though the true number of affected people is likely much lower than 2.7 billion, this breach remains the biggest this year. What is sure is that such a massive set is a boon for scammers, who can use it to impersonate someone or create fake documents and accounts, not to mention the risk of targeted phishing emails aimed at accessing bank accounts.

While, unfortunately, there is no silver bullet for the unlucky ones, if you suspect you could be affected, some preventive measures could help you limit the damage. For example, you can monitor your bank account more regularly. You should also become more suspicious about emails, check their source rigorously, and never click on links. If you can help it, don’t give out personal details when asked for them on phone calls, since someone could be trying to confirm your identity. Yes, this is borderline paranoia, but better safe than sorry.