An unknown group of hackers is selling personal profiles and sensitive financial data of over 200 million people on the Darknet for $600. A technical review board at Peerlyst approved the legitimacy of the database, which is presumed to be composed of consumer information from Experian and Acxiom.
Experian and Acxiom are both technology firms and information service providers with multi-billion dollar revenues. CSO’s Salted Hash reached out to Experian to receive confirmation in regards to the legitimacy of the database. Sources at Experian admitted that this data breach was informed to its development team but the outcome of their investigation ascertained that it wasn’t the company’s consumer data that was leaked.
“We’ve seen this unfounded allegation and similar rumors before. We investigated it again – and see no signs that we’ve been compromised based on our research and the type of data involved. Based on our investigations and the lack of credible evidence, this is an unsubstantiated claim intended to inflate the value of the data that they are trying to sell – a common practice by hackers selling illegal data.” Experian representative said in an interview.
Acxiom however, did not respond to any questions about the database. It is likely that the US$ 2.1 billion corporation is conducting various investigations to confirm the origin of data being sold on the Darknet.
In total, the number of profiles listed on the database amounts to 203,419,083. The records, worth 6GBs, include highly sensitive and valuable information including name, address, date of birth, phone number, etc. On certain accounts, more financial information including income, net worth, education and 76 more types of data are listed, making the database a huge issue for users on the list.
With financial information, credit data and other personal profiles in place, if the database is acquired, the possibility that these data sets will be used for criminal activities cannot be eliminated. Just by the sheer number of data, confirmed legitimacy by experts and the range of information listed on the database, the acquirer of the database could use it to blackmail high profile individuals and businesses for larger ransom.
J. Tate, the CISO of bits&digits, also noted in an interview with Salted Hash that this particular leak is incredibly dangerous and concerning due to the possibility that criminals or scam artists can use the data for an endless list of fraudulent activities.
“The information collected in this trove, no matter which data-broker or marketing enrichment system it came from is now in the hands of people that you will never know. What uses they provide to both marketers and nefarious scam artist are endless. This is my biggest concern, the data sets that are popping up around the world are not secured as regulation mandates, are providing easy to access credentials and intelligence points to facilitate complex identity fraud, human trafficking and money laundering operations across the globe,” said Tate,
The hackers that penetrated the infrastructure of what it looks like a large scale IT firm or a financial service providers, are being very cautious in dealing with potential buyers. The sale is only open to reputable buyers or users with accounts that have high ratings and large volume of transactions settled in the past.