‘National Public Data’ Consumer Data Broker Published Its Backend Admin Passwords

• The recent National Public Data leak owes to a public-facing file with private information.
• A sister NPD property mistakenly made a backend credential file available to anyone.
• The USDoD cybercriminal gang offered the alleged National Public Data data set for sale and then decided to leak it for free.

Background check company Jerico Pictures Inc., trading as National Public Data (NPD), suffered a data breach that leaked on a hacker forum on August 6. However, it turns out another NPD data broker with shared access accidentally published the passwords to its backend database, KrebsOnSecurity has learned.

NPD background search service “recordscheck.net” hosted an archive named “members.zip” that included the usernames and passwords of the site’s administrator accounts, as well as the source code and plain text usernames and passwords for different components of the NPD mirror website.

Apparently, many of the RecordsCheck users did not change the same six-character password initially assigned to all accounts. The password file was freely available from its homepage.

Members of a cybercriminal group called USDoD leaked the database, allegedly containing 2.9 billion records, offering 277 GB of stolen data for free. A few days earlier, a complaint was filed in the US District Court for the Southern District of Florida. 

The leaked details reportedly include first, middle, and last names, dates of birth, addresses, cities, counties, states, zip codes, phone numbers, and Social Security Numbers of users who chose to opt-in.

The NPD data scraping company offers a searchable database with billions of records from non-public sources, which they collect without people’s knowledge or consent, so the impacted individuals have no way of knowing that their data leaked.

Recently, a threat actor known as 'emo' leaked 15,115,516 Trello members’ accounts on a popular Dark Web forum, which included email addresses and full names.

In July, Fujitsu identified a data breach that occurred earlier this year and resulted in the exfiltration of customers’ personal details and those of their businesses.