After the massive data breach at National Public Data (NPD), another identical website, recordscheck.net, was found to be hosting an archive that contained site login credentials and the source code for some of NPD’s tools, all in plaintext.
This archive, now removed, could have provided unauthorised access to the same consumer records held by NPD. Alarmingly, the file also contained email data linked to NPD’s founder, Salvatore Verini, a former actor and retired sheriff’s deputy from Florida.
In an email exchange with Krebs On Security, Verini downplayed the significance of the file, describing it as an old version of the website with ‘non-working code.’ He further mentioned that NPD would cease operations “in the next week or so.”
However, he refrained from providing additional details, citing an ongoing investigation. It is also noteworthy that Verini has previously written favourable testimonials for Creation Next, a web development company mentioned in the leaked source code.
“The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com’s homepage features a positive testimonial from Sal Verini,” researchers said.
In the wake of the breach, several websites, including npdbreach.com and npd.pentester.com, have emerged, claiming to offer services that help individuals determine whether their information is part of the leak.
However, these services require users to submit personal details such as their name, birth year, and possibly even their Social Security number — a risky proposition given the current situation.
Cybersecurity experts, including Krebs On Security, caution that the safest action for individuals concerned about their data is to freeze their credit reports with major bureaus like Equifax, Experian, and TransUnion.
“A freeze is a good idea because all of the information that ID thieves need to assume your identity is now broadly available from multiple sources, thanks to the multiplicity of data breaches we’ve seen involving SSN data and other key static data points about people,” researchers cautioned.
Additionally, taking advantage of the free credit reports available through these bureaus can help individuals monitor suspicious activity.
The NPD breach occurred last week and resulted in an immense trove of personal data. The breach, initially kept under wraps, came to light in April when a database allegedly stolen from NPD was advertised on the dark web by a hacker group known as USDoD.
The data reportedly contains 2.9 billion lines, including sensitive information such as Social Security numbers, initially offered for sale at a staggering $3.5 million.
However, the stolen data has since found its way to various public platforms, amplifying concerns about the potential misuse of this information.
In the News: Stolen payment cards can allow transactions through digital wallets