Sunday 29 September 2013

Hacker sold personal data of 4 million US citizens online; risk of potential Identity Theft

An illegal service that sells personal data of US citizens online, which can then be used for identity theft hacked into the networks of three major data brokers and Hacker stole their databases.

Cyber attack has given them access to Social Security Numbers, dates of birth, and other personal details that could put all our finances at risk.

Krebs's blog revealed that the service, known as SSNDOB (ssndob.ms) (Social Security Number Date of Birth) used malware to obtain secret access to the databases of LexisNexis, Dun & Bradstreet and Kroll Background America.
Hackers are charging from 50 cents to $2.50 per record and from $5 to $15 for credit and background checks. It was discovered in March that another website, exposed.su was using data collected by SSNDOB to sell to its customers.



Through the use of a botnet Malware, ID thieves the ID thieves gained access to the networks of LexisNexis, that it provides coverage of more than 500 million unique consumer identities.

"The botnet’s online dashboard for the LexisNexis systems shows that a tiny unauthorized program called “nbc.exe” was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company’s internal networks for at least the past five months,” Krebs’ report.

The program was designed to open an encrypted channel of communications from within LexisNexis’s internal systems to the botnet controller on the public Internet.

SSNDOB itself was compromised by multiple attacks earlier this year, and website’s records show that 1,300 customers have spent hundreds of thousands of dollars looking up SSNs, birthdays, drivers license records, and obtaining unauthorized credit and background reports on more than four million Americans.
The service's main website at ssndob.ms has been taken offline, but similar services can be found at ssndob.cc and ssndob.biz.

Dun&Bradstreet and Altegrity have said they are investigating the claims. LexisNexis said that it has found no evidence of data theft.

No comments:

Post a Comment