A number of major consumer and business data aggregators often share huge amounts of personal data of US citizens with each other. Now, it has transpired that hackers were able to access this data using malware and have been able to gain and sell the personal data of 4 million US citizens.
The interesting part is that, the hackers who gained access to this data then sold it under the pretense of being an authentic service. Known as SSNDOB, the service has shown itself to be an authentic place to get the Social Security Numbers and other data of any U.S. citizen.
The website offered this service for 50 cents to $2.50 per record. Not only that, if you want additional information such as credit or background checks, you have to pay another $5 to $15. SSNDOB has been around for a while now and many had speculated as to where the service gets its data from.
Recently, SSNDOB itself was hacked and its database was looted by multiple hackers. KrebsOnSecurity.com was able to get its hands on a copy of the database. The database revealed that the data records of 4 million US citizens were repeatedly accessed by nearly 1300 customers, each paying hundreds of thousands of dollars. The SSNDOB was originally hosted at ssndob.ms but the website has been taken offline.
However, there have been other websites which offer similar services. Most of this data has illegally been obtained through the use of a botnet malware. These services hint at how insecure is the personal data of millions of US citizens and how it is being used by hackers for many nefarious purposes.
Courtesy: The Hacker News