
Data leak affecting everyone in the US, UK, and Canada was even worse than we thought

Hard as it may be to imagine, the massive data leak – which appears to include the personal data of everyone in the US, UK, and Canada – was even worse than we thought.

In a truly epic security fail, the same data was hosted by a partner company which managed to publish its own passwords, enabling absolutely anyone to access the data …

We learned last week of the leak of around 2.7 billion records.

Each record consists of the following information – a person’s name, mailing addresses, and social security number, with some records including additional information, like other names associated with the person. None of this data is encrypted.

But now KrebsOnSecurity reports that one of the company’s resellers managed to accidentally publish its own login details for the database – right there on its homepage!

Another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today […]

A reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator.

Still, at least it would be impossible for things to get any worse, right? Right?

The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not.

How to check your data, and protect yourself

Top comment by CuJo YYC

Liked by 6 people

So lovely and considerate that, although "everyone in the US, UK, and Canada" are affected, no provision for checking on said breach is available to Canadians or residents of the UK.


If you are resident in the US and want to check whether your data was exposed, you can use one of two free lookup services:

Unfortunately, neither supports searches for UK or Canadian addresses.

As the database was an older backup, you may find that the data it holds for you is out of date. However, if it is current, it’s recommended that you freeze your credit. This should prevent anyone stealing your identity to apply for loans or payment cards in your name, as all applications should be declined.


Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

