Deep Web identity theft service, SSNDOB, has been pilfering the personal info of millions Americans from some of America’s largest consumer and business data aggregators, according to security researcher, Brian Krebs.
As worrying perhaps, as he writes on his website, Krebs on Security, is that SSNDOB has itself been hacked.
For the last two years, the people behind the site have been advertising it as the Costco of ID theft, charging 50 cents to $2.50 per ID and from $5 to $15 for credit records and background checks. The site takes payment in crypto-currencies like Bitcoin.
This summer, however, crackers broke into SSNDOB and stole and shared its database. Krebs analyzed that info, discovering that 1,300 customers spent hundreds of thousands of dollars on the site to obtain information on over 4 million Americans and that it shared 1.02 million unique SSNs and 3.1 million birthdates with its clients since it launched in 2012.
Although the database itself did not divulge its sources, Krebs said his analysis indicates "these individuals also were responsible for operating a small but very potent botnet” and that this botnet “controlled at least five infected systems at different U.S.-based consumer and business data aggregators.”
Two of those systems belonged to the granddaddy of information aggregation, Lexis/Nexis, an online legal, public records and media research service. They had been accessed since at least early April
Another two were within business intelligence provider Dun & Bradstreet, which licenses business information on 220 companies globally to investors, journalists and companies who need to assess credit risks. These had been accessed by the botnet since at least late March.
The final was that of Kroll Background Screening, a drug, health, and employment screening company owned by another company, HireRight. That server had been compromised since June.
The software used to set up back doors in the servers were advanced enough to elude detection by sophisticated anti-malware software, Krebs said.
The affected companies are working with the Federal Bureau of Investigation to trace the actions of SSNDOB and its effects on the integrity of its information.
It can hardly be a surprise that even the hackers who steal our information can't be trusted to protect themselves from hackers.
Texans are adopting dogs in droves to rescue them from flooded animal shelters
Now this is Southern hospitality.47k
This photo of an Army widow at her husband's grave reminds us what Memorial Day is all about
Laureen Lopez-Berry's husband Richard was killed by a car bomb in Afghanistan in 2012.38k
How to play every classic video game on your phone
The best '80s and '90s consoles in the palm of your hand.18k
Indie game Catlateral Damage will satisfy your itch for feline destruction
Step into the life of the agent of chaos known as the housecat.
Tiny bear cubs have the world's cutest wrestling match
Can. Not. Handle. This.8