Today Brian Krebs (krebsonsecurity.com) has posted the results of a months-long investigation conducted by his organization. These results, while long suspected, are disheartening: it appears that several well known data aggregators have been compromised, and their files accessed for malicious use.
The underground ID Theft service SNNDOB[dot]ms (hereafter SSNDOB) has for two years marketed itself as a source for valid compromised identities. The source of their data has been largely unknown, but access to a major data aggregator was suspected. Several months ago, SSNDOB’s own compromised database was compromised and a copy was provided to Brian Krebs for analysis. Further analysis was performed on the networks, activities, and credentials held by SSNDOB administrators revealing a small Botnet operating on the internal systems of LexisNexis, Dunn & Bradstreet, and Kroll Background America.
The SSNDOB service has served up more than 1.02 million unique social security numbers, and nearly 3.1 million date of birth records since its inception in early 2012
You can read Krebs' full post regarding the compromise here. Be advised that I have no further substatiation of Mr. Krebs' claims nor any statements from the aformentioned companies...but krebsonsecurity.com is known to be one of the most credible sources out there. Also here is a link with some great tips about what to do if you suspect your identify has been compromised.
Be aware...
No comments:
Post a Comment