The cybercrime outfit that’s been selling all your info has been hacked

Even the hackers who steal our information can't be trusted to protect themselves from hackers.


Curt Hopkins


Published Sep 26, 2013   Updated Jun 1, 2021, 5:36 am CDT

Deep Web identity theft service, SSNDOB, has been pilfering the personal info of millions Americans from some of America’s largest consumer and business data aggregators, according to security researcher, Brian Krebs.

As worrying perhaps, as he writes on his website, Krebs on Security, is that SSNDOB has itself been hacked.

For the last two years, the people behind the site have been advertising it as the Costco of ID theft, charging 50 cents to $2.50 per ID and from $5 to $15 for credit records and background checks. The site takes payment in crypto-currencies like Bitcoin.

This summer, however, crackers broke into SSNDOB and stole and shared its database. Krebs analyzed that info, discovering that 1,300 customers spent hundreds of thousands of dollars on the site to obtain information on over 4 million Americans and that it shared 1.02 million unique SSNs and 3.1 million birthdates with its clients since it launched in 2012.

Although the database itself did not divulge its sources, Krebs said his analysis indicates “these individuals also were responsible for operating a small but very potent botnet” and that this botnet “controlled at least five infected systems at different U.S.-based consumer and business data aggregators.”

Two of those systems belonged to the granddaddy of information aggregation, Lexis/Nexis, an online legal, public records and media research service. They had been accessed since at least early April

Another two were within business intelligence provider Dun & Bradstreet, which licenses business information on 220 companies globally to investors, journalists and companies who need to assess credit risks. These had been accessed by the botnet since at least late March.

The final was that of Kroll Background Screening, a drug, health, and employment screening company owned by another company, HireRight. That server had been compromised since June.

The software used to set up back doors in the servers were advanced enough to elude detection by sophisticated anti-malware software, Krebs said.

The affected companies are working with the Federal Bureau of Investigation to trace the actions of SSNDOB and its effects on the integrity of its information.

It can hardly be a surprise that even the hackers who steal our information can’t be trusted to protect themselves from hackers.

H/T Krebs | Photo by IMLS/Flickr

Share this article
*First Published: Sep 26, 2013, 12:20 pm CDT