A massive data leak that probably exposed all of your personal info is hugely worse than t...


If you thought last week's news that just about every piece of personal data about you was stolen was bad, wait until you hear about how the passwords for the holding company were stolen too.

New NPD breach exposes passwords, raising fresh security concerns



In April, cybercriminals began selling data stolen from NPD, which included names, addresses, phone numbers, and even email addresses of more than 272 million individuals, many of whom were deceased. NPD acknowledged the breach in August, attributing it to a security incident dating back to December 2023.

However, the situation worsened when it was discovered that a sister site, recordscheck.net, inadvertently published administrator passwords and source code on its homepage.

A reader of KrebsOnSecurity alerted the site to the presence of a file named "members.zip" on the Records Check website. The file, accessible until August 19, contained usernames and passwords for various site components, similar to NPD's leading platform. Many RecordsCheck users hadn't changed their default passwords.

Due to the breach of NPD's platforms, consumers face a heightened risk of identity theft. Compromised passwords allow cyber criminals to access personal information stored on NPD's platforms and beyond.

What you can do



Given the severity of the breach, consumers should immediately freeze their credit files with major credit reporting bureaus, such as Equifax, Experian, and TransUnion. A credit freeze restricts access to your credit report, making it harder for identity thieves to open new accounts in your name.

While credit freezes don't prevent all identity theft, they provide essential protection in a vulnerable data landscape.

Regularly monitor your credit reports for unauthorized activity. The Federal Trade Commission allows free credit reports, which can help you detect and dispute inaccuracies early.

Use unique, strong passwords for different online accounts and change them regularly. A password manager can help maintain security without the burden of memorizing complex passwords.

Finally, several websites have been established to help people determine if their Social Security Number and other data were compromised in the breach. One such website is npdbreach.com, a lookup page created by Atlas Data Privacy Corp. Another lookup service is available at npd.pentester.com.

As the investigation into the NPD breach continues, consumers and regulators must demand greater accountability for handling and protecting personal data.




Comments

  • Reply 1 of 12
    Wow it keeps getting worse and worse. Imagine how long people knew about it and kept quiet until a massive hacking group opened a zip file and pressed the Staples red button
  • Reply 2 of 12
    StrangeDays Posts: 13,165 member
    I'm in the breach, awesome.

    Arguably worse than the highly covered Windows BSOD issue last month, but next to no media coverage. I guess if it doesn't make you miss a flight nobody cares.
  • Reply 3 of 12
    mac_dog Posts: 1,093 member
    How does a company inadvertently post admin credentials? Ridiculous. 
  • Reply 4 of 12
    There really is no excuse for this.  These data brokers should simply not be allowed to exist.  It should be illegal for ANY company to collect social security numbers for any purpose other than tax reporting.
  • Reply 5 of 12
    Is this about a data breach in the USA? How about passwords in other countries?
  • Reply 6 of 12
    hexclock Posts: 1,345 member
    So who has been fired? Who is going to prison? 
  • Reply 7 of 12
    So check and see if my information was compromised by submitting my personal information on some random website? Uhhhhh...no.
  • Reply 8 of 12
    radarthekat Posts: 3,911 moderator
    jetpilot said:
    So check and see if my information was compromised by submitting my personal information on some random website? Uhhhhh...no.
    It requires only your first and last name and state you were born in.
  • Reply 9 of 12
    Why can’t we sue these assclowns who keep leaking our data?
  • Reply 10 of 12
    Bonus question: why is this our job to clean up? And if so, can I get paid to do the job these sysadmins didn’t or do I have to work free to divulge my secrets so the government doesn’t have to

    Blockchain 
  • Reply 11 of 12
    prof Posts: 106 member
    Is this about a data breach in the USA? How about passwords in other countries?
    Yeah, this is mostly about the USA. But as we all know, that's the center of the world anyway and everything applies to all other countries in the world (NOT!), so absolutely no need mentioning that fact.
  • Reply 12 of 12
    prof Posts: 106 member

    I'm in the breach, awesome.

    Arguably worse than the highly covered Windows BSOD issue last month, but next to no media coverage. I guess if it doesn't make you miss a flight nobody cares.
    Well, the Windows issue affected the whole world and also not just airlines... so the impact was quite a bit larger than your bi-monthly US social security data leak and global. Air travel was simply the most noticeable impact so that's what the reporting focused on...