The recent security breach at National Public Data (NPD) has raised serious concerns regarding the safety and protection of sensitive personal information. According to reports by National Public Data (NPD), the breach occurred in December last year and involved the unauthorized access to a database containing a staggering 2.9 billion lines of data, including Social Security numbers. This stolen database was later advertised on the dark web by a hacker group known as USDoD for a whopping $3.5 million.
In a surprising turn of events, it was revealed that a website closely resembling NPD, called recordscheck.net, was found to be hosting an archive that contained site logins and even source code for some of the tools used on the site – all in plaintext. This discovery unveiled a significant vulnerability that could potentially allow unauthorized access to consumer records similar to those stored on NPD. The file, which has since been removed, even contained email data belonging to NPD’s founder, Salvatore Verini, a former actor and retired sheriff’s deputy from Florida.
When approached by Krebs On Security for a statement regarding the breach, Verini claimed that the file contained an outdated version of the website with non-functional code. He assured that the site would be ceasing operations in the coming week and refrained from providing further details due to an ongoing investigation. Interestingly, it was discovered that Verini had written a positive testimonial for Creation Next, a web development company mentioned in the archived source code, raising questions about the potential security lapses in the website’s development.
Since news of the data breach surfaced, several websites claiming to offer searches to determine if individuals’ information was included in the leak have emerged. Websites like npdbreach.com and npd.pentester.com require users to input their name, birth year, and potentially their Social Security number to conduct these searches. While these services may seem helpful, they pose a significant risk as users are essentially providing sensitive personal information to unknown entities, potentially exposing themselves to further security threats.
Overall, the NPD data breach has shed light on the critical need for robust cybersecurity measures and heightened awareness among individuals regarding the protection of their personal information. It serves as a stark reminder of the ever-present threat of cyber attacks and the importance of staying vigilant in safeguarding sensitive data from malicious actors.
Leave a Reply
You must be logged in to post a comment.