A massive data leak that probably exposed all of your personal info is hugely worse than t...


If you thought last week's news that just about every piece of personal data about you was stolen was bad, wait until you hear about how the passwords for the holding company were stolen too.

New NPD breach exposes passwords, raising fresh security concerns



In April, cybercriminals began selling data stolen from NPD, which included names, addresses, phone numbers, and even email addresses of more than 272 million individuals, many of whom were deceased. NPD acknowledged the breach in August, attributing it to a security incident dating back to December 2023.

However, the situation worsened when it was discovered that a sister site, recordscheck.net, inadvertently published administrator passwords and source code on its homepage.

A reader of KrebsOnSecurity alerted the site to the presence of a file named "members.zip" on the Records Check website. The file, accessible until August 19, contained usernames and passwords for various site components, similar to NPD's leading platform. Many RecordsCheck users hadn't changed their default passwords.

Due to the breach of NPD's platforms, consumers face a heightened risk of identity theft. Compromised passwords allow cyber criminals to access personal information stored on NPD's platforms and beyond.

What you can do



Given the severity of the breach, consumers should immediately freeze their credit files with major credit reporting bureaus, such as Equifax, Experian, and TransUnion. A credit freeze restricts access to your credit report, making it harder for identity thieves to open new accounts in your name.

While credit freezes don't prevent all identity theft, they provide essential protection in a vulnerable data landscape.

Regularly monitor your credit reports for unauthorized activity. The Federal Trade Commission allows free credit reports, which can help you detect and dispute inaccuracies early.

Use unique, strong passwords for different online accounts and change them regularly. A password manager can help maintain security without the burden of memorizing complex passwords.

Finally, several websites have been established to help people determine if their Social Security Number and other data were compromised in the breach. One such website is npdbreach.com, a lookup page created by Atlas Data Privacy Corp. Another lookup service is available at npd.pentester.com.

As the investigation into the NPD breach continues, consumers and regulators must demand greater accountability for handling and protecting personal data.




Comments

  • Reply 1 of 12
    Wow it keeps getting worse and worse. Imagine how long people knew about it and kept quiet until a massive hacking group opened a zip file and pressed the Staples red button
  • Reply 2 of 12
    StrangeDays Posts: 13,031 member
    I'm in the breach, awesome.

    Arguably worse than the highly covered Windows BSOD issue last month, but next to no media coverage. I guess if it doesn't make you miss a flight nobody cares.
  • Reply 3 of 12
    mac_dog Posts: 1,083 member
    How does a company inadvertently post admin credentials? Ridiculous. 
  • Reply 4 of 12
    There really is no excuse for this.  These data brokers should simply not be allowed to exist.  It should be illegal for ANY company to collect social security numbers for any purpose other than tax reporting.
  • Reply 5 of 12
    Is this about a data breach in the USA? How about passwords in other countries?
  • Reply 6 of 12
    hexclock Posts: 1,299 member
    So who has been fired? Who is going to prison? 
  • Reply 7 of 12
    So check and see if my information was compromised by submitting my personal information on some random website? Uhhhhh...no.
  • Reply 8 of 12
    radarthekat Posts: 3,896 moderator
    jetpilot said:
    So check and see if my information was compromised by submitting my personal information on some random website? Uhhhhh...no.
    It requires only your first and last name and state you were born in.
  • Reply 9 of 12
    Why can’t we sue these assclowns who keep leaking our data?
  • Reply 10 of 12
    Bonus question: why is this our job to clean up? And if so, can I get paid to do the job these sysadmins didn’t, or do I have to work free to divulge my secrets so the government doesn’t have to?

    Blockchain 
  • Reply 11 of 12
    prof Posts: 94 member
    Is this about a data breach in the USA? How about passwords in other countries?
    Yeah, this is mostly about the USA. But as we all know, that's the center of the world anyway and everything applies to all other countries in the world (NOT!), so absolutely no need mentioning that fact.
  • Reply 12 of 12
    prof Posts: 94 member

    I'm in the breach, awesome.

    Arguably worse than the highly covered Windows BSOD issue last month, but next to no media coverage. I guess if it doesn't make you miss a flight nobody cares.
    Well, the Windows issue affected the whole world and also not just airlines... so the impact was quite a bit larger than your bi-monthly US social security data leak and global. Air travel was simply the most noticeable impact so that's what the reporting focused on...