3 Billion Social Security Numbers Leaked On The Dark Web
Summary
TLDRA massive data breach has exposed nearly 3 billion people's personal information, including names, addresses, and social security numbers. The data, initially for sale at $3.5 million, was released for free on a hacker forum. It originated from National Public Data, which scraped data without consent. The breach could lead to identity theft and unauthorized financial transactions. The video discusses the potential risks and advises viewers to be vigilant about their personal information.
Takeaways
- 😱 A data breach exposed personal data of nearly 3 billion people, totaling 277 GB of data.
- 💸 Initially, hackers attempted to sell the database for $3.5 million but later decided to give it away for free to gain reputation.
- 📚 The leaked data includes sensitive information such as names, dates of birth, addresses, phone numbers, and social security numbers.
- 🇺🇸 In the United States, social security numbers are crucial for financial transactions and security verifications.
- 🏠 The data could be misused to shut off utilities, open new accounts, or even facilitate SIM swapping attacks.
- 🔄 The data was stolen from National Public Data, which aggregates information through web scraping and data purchases without consent.
- 🔒 The breach highlights the importance of securing personal data and the potential consequences of inadequate data protection.
- 🔎 Upon analysis, it appears that the same individual's data is repeated multiple times in the leaked database.
- 👤 Individuals with minimal online presence or who used data opt-out services were less likely to be found in the leak.
- 📉 The actual number of unique individuals affected might be less than initially reported, but still represents a significant portion of the US population.
- 💡 The incident underscores the need for better security practices and potential legal repercussions for companies that mishandle personal data.
Q & A
What was the size of the data leak mentioned in the script?
-The data leak mentioned in the script was 277 GB uncompressed.
How many people's personal data was supposedly included in the data leak?
-The data leak supposedly contained personal data of almost 3 billion people.
What kind of data points were included in the leaked database?
-The data points included first name, last name, date of birth, address, phone number, and social security number.
What was the initial asking price for the stolen database?
-The hackers initially tried to sell the database for $3.5 million.
Why did the hackers decide to give the database away for free?
-The hackers decided to give the database away for free to earn reputation within the hacker forum.
How could the leaked social security numbers be misused according to the script?
-The leaked social security numbers could be used to shut off utilities, open new utility accounts, or perform SIM swapping attacks to gain access to personal accounts.
What is SIM swapping and how does it work?
-SIM swapping is a type of attack where an attacker tricks a mobile carrier into transferring a phone number to a SIM card they control, allowing them to intercept calls and text messages, including two-factor authentication codes.
Where was the data stolen from, as mentioned in the script?
-The data was stolen from National Public Data, which provides an API service for background check services.
How did National Public Data obtain the data?
-National Public Data obtained the data through web scraping across public and non-public sources and by purchasing data from data brokers, all without consent.
What was the actual number of unique individuals affected by the data leak according to the script?
-The actual number of unique individuals affected by the data leak is likely to be an order of magnitude less than 3 billion, possibly around 200 million.
What was the observation regarding people whose records were not found in the data leak?
-People whose records were not found in the data leak often used data opt-out services or had a minimal online footprint, suggesting they might be 'off-grid'.
What was the script's suggestion for people to do in response to the data leak?
-The script suggested that people should keep an eye out for identity theft, monitor for unauthorized credit cards or utility accounts opened in their name, and follow the outcome of the class-action lawsuit against National Public Data.
Outlines
🔒 Massive Data Breach Exposed
The video discusses a significant data breach where a hacker posted a database containing personal information of nearly 3 billion people on a dark web forum. The data, weighing 277 GB, includes sensitive information such as names, dates of birth, addresses, phone numbers, and social security numbers. Initially, the hackers sought to sell the data for $3.5 million but later decided to give it away for free to gain reputation. The video highlights the potential misuse of social security numbers for identity theft, such as shutting off utilities, opening new accounts, or conducting SIM swapping attacks. The data was stolen from National Public Data, a company that provides API services for background checks and aggregates data through web scraping and purchasing from data brokers without consent.
🔎 Debunking the '3 Billion People Affected' Claim
The video script analyzes the claim that the data breach affected 3 billion people by examining a sample of the leaked data. The presenter uses Libre Office to organize the data into labeled columns and notices that multiple records refer to the same individual, suggesting that the actual number of affected individuals is likely less than reported. The presenter also discusses the potential reasons why some people, including themselves, are not found in the data leak, such as using data opt-out services or having a minimal online presence. The summary concludes by advising viewers to be vigilant against identity theft and to monitor for unauthorized activities under their names.
📢 Call for Accountability and Security Improvement
The final paragraph of the script addresses the legal action taken against National Public Data for their failure to secure the massive amount of sensitive data and for scraping data unethically without consent. The presenter calls for severe punishment to deter companies with poor security practices and data hoarding tendencies. The video ends with a call to action for viewers to like, share, and support the presenter's online store, offering a discount for using Monero at checkout.
Mindmap
Keywords
💡Data breach
💡Dark web
💡Personal data
💡Social Security number (SSN)
💡Hashing
💡Web scraping
💡Data broker
💡Identity theft
💡Sim swapping
💡Class action lawsuit
💡Data opt-out services
Highlights
A data breach has exposed personal data of nearly 3 billion people.
The leaked data is 277 GB uncompressed, equivalent to the size of Call of Duty Black Ops 6 4K texture packs.
Data points include first name, last name, date of birth, address, phone number, and social security number.
Hackers initially attempted to sell the database for $3.5 million but later decided to give it away for free.
The data breach could enable attackers to shut off utilities or open new accounts in victims' names.
Social security numbers are used for financial transactions and security verifications in the United States.
The data could be used for SIM swapping attacks, compromising online accounts.
The data was stolen from National Public Data, which provides an API service for background checks.
Data was obtained through web scraping and purchasing from data brokers without consent.
Background check services often provide a poor user experience, asking for payment after long load times.
The actual number of affected individuals may be less than reported, possibly around 200 million.
Some individuals could not be found in the leak, possibly due to using data opt-out services or having minimal online presence.
The data leak includes repeated entries of the same person at different addresses.
The video creator hashes personal data to protect privacy while demonstrating the breach's impact.
There are examples of the same person being repeated multiple times in the database.
A class action lawsuit has been filed against National Public Data for their failure to secure the data.
The video concludes with a call to action for viewers to protect themselves from identity theft and stay informed about the lawsuit's outcome.
The video encourages viewers to like, share, and support the creator's online store for merchandise.
Transcripts
I've covered a lot of data breaches on
this channel and usually the number of
personal records that get released in
any odd data leak are in the thousands
or sometimes in the millions but today
when I was browsing my friendly
neighborhood dark web hacker Forum I
stumbled upon a post titled national
public data full DB 2024 which
supposedly has the personal data of
almost 3 billion people in it that's
right folks folks this text Data weighs
in at
277 GB uncompressed that takes up about
as much space as Call of Duty Black Ops
6 4K texture packs and all and it has
data points in it like first name last
name date of birth address phone number
and social security number now at first
the hackers that stole this database
were trying to sell it for $3.5 million
but then they decided H you know what
I'm feeling generous today I'm going to
just give it away for free to all of my
hacker Forum buddies so I can earn
myself a lot of reputation and as far as
the leak itself goes it's pretty much
structured like a phone book but with
social security numbers included as well
and that SSN data point is especially
disturbing because I don't know about
other countries but here in the United
States Social Security numbers are used
when you apply for a loan when you open
a bank account credit card account
credit reports and pretty much any other
financial transaction involves your
social security number and the last four
digits of a person's social security
number are often used for security
verifications whenever you call up your
internet provider to interact with your
account or your utility provider or your
cellular company so the data in this
leag could be used by somebody to shut
off your power or open up new utility
accounts in your name at different
houses that they're squatting in or
trying to rent out to people like hey
you want to stay in this abandoned house
and get some free Power sure just come
in here and I don't know give me a 100
bucks a month or they could call your
cellular provider and use your social
security number to pull off a Sim
swapping attack so this is where an
attacker basically takes control of your
phone number by getting the carrier to
program their sim card with it they
would just call your carrier pretend to
be you or someone authorized on your
account and say that they lost their
phone and now they've got a new one and
they need the phone number back and then
after they do that the attacker is able
to get all of your calls and all of your
text messages on their phone and that
includes temporary codes that Google or
Facebook sends you for changing your
password and two-factor Authentication
which means that those accounts could be
compromised too who would have thought
that a nine-digit number assigned to you
at Birth could cause so much Havoc if it
fell into the wrong hands and speaking
of wrong hands you're probably wondering
who this data was stolen from because
most people don't just have 300 gabyt of
social security numbers and names and
addresses and stuff laying around so the
data in question was stolen from
national public data which provides an
API service for background check
services and they got the data through
web scraping across public and
non-public sources without anyone's
consent and from purchasing the data
from data Brokers again without the
consent of the person who the data
pertains to national public data then
combines these different sources and
packages it together in a format that
XML apis can read easily and then the
different background check services
online create a front end for their
customers to do these background checks
and these different kinds of lookups
often in a not so convenient way that
takes artificially long to load the data
only to ask you to pay a fee at the very
end when you thought it was free so I
guess one upside to this data breach is
that now I can do background checks
locally with grep instead of having to
go through that nonsense anymore now I
haven't been able to look through this
data too extensively since it's
basically a compressed CoD game worth of
information that takes a long time to
download since it's probably hosted on a
remote server in Vietnam somewhere and
it has to pass through the onion Network
to get to its destination but based on
the limited amount of grepping that I've
been able to do on the two SS sn. txt
files I can confirm that this breach
doesn't actually affect 3 billion people
and I can actually demonstrate why
that's the case and hopefully I can do
so without doxing anyone so here in
Libre office I've copied over a sample
of the data leak and I've organized it
into labeled columns so we've got ID
first name last name middle name Etc
these are all of the same columns that
came from the database leak it's just
comma separated values you know there's
a nicer way to display all the
information um now the reason why the
data in these cells looks like a bunch
of random letters and numbers instead of
a legible name is because I hashed all
of the personally identifying
information here to protect this
person's privacy see um the only one
that's not hashed is this ID column here
which is just the line number from the
data set so this isn't really considered
pii uh so you can see here that this is
eight different
records and if we start looking through
each of the columns here for first name
all of these hashes are the same um and
if you're not familiar with hashing
algorith
they basically take input of a string
and they crunch it down into something
that can't be reversed so there's no way
to actually get the person's first name
from what you're seeing here that's why
it's safe to show it um but also any two
strings that are the same if you feed
them into a hashing algorithm the hash
is going to be the same and if those
strings deviate just a little bit and a
string can be an entire novel mind you
so like if you literally just change one
letter in a novel and then you pass that
into a hashing algorithm you're going to
get two completely different hashes from
that so the fact that these are the same
proves that the input strings I fed were
the same as well uh so we have the same
thing going on with last name okay all
of this is the same middle name or
really just middle initial um or
sometimes it's a middle name you know
it's if if you actually look through the
raw data um it's mostly middle initials
and sometimes middle names but anyway
that's all the same dates of birth are
the same now with addresses there's a
little bit of differences here but I've
actually highlighted in different colors
the ones that match so these two
addresses are the same um I think yeah
the green ones match this orange one is
unique and then these purple ones match
up as well uh so there's only four
unique addresses here out of um eight
records all the cities uh County names
State and zip codes are all the
same so you know maybe this guy owns
multiple condos in one building or maybe
he moved around town a few times I'm not
exactly sure uh what's up with that
there and if there were any doubts that
this is all the same
person in the SSN
column these are all the same too so
it's all the same social security number
it's all the same person repeated eight
times in the database leak and there's
several different examples of this um if
you actually look at the raw database
leak of the same person being repeated
or being repeated at different addresses
um I've seen a few PO Box entries for
people and another positive observation
is that I wasn't able to find records
for several people who authoriz me to
look them up in this database leak
including myself and I think the Common
Thread here with people I wasn't able to
find where these people either used data
optout services or they just have a very
very minimal online footprint to begin
with they don't really have any uh
subscription services that they pay for
they don't have any social media um or
you know anything like that I guess
they're kind of off- grid you could say
so if I had to guess the actual number
of people in this leak is probably an
order of magnitude or possibly a little
less than what some media Outlets are
saying with 2.9 billion uh but still you
know that's over 200 million people's
Social Security numbers leaked which is
most of America so yeah keep an eye out
for identity theft uh people opening up
new credit cards or new utilities new
lines with the cell phone company and
stuff like that under your name and keep
an eye out for the outcome of this class
action lawsuit that's been filed against
national public data because of their
failure to secure this massive Trove of
data that they had and also the fact
that they scraped this data in some
really shady ways without anyone's
consent in the first place hopefully
their punishment is severe enough to to
compel all these companies that have
poor security practices and data
hoarding fetishes to stop it and get
some help if you enjoyed this video
please like and share it to hack the
algorithm and check out my online store
base. when where you can get awesome
merch like the tie-dye Tor te or the
come and finded hoodie 10% discount for
using Monero XMR at checkout have a
great rest of your day
Weitere ähnliche Videos ansehen
Security Breach Example 2
NOTICIA de ÚLTIMA HORA!
FinCap Friday: Freeze Out Fraud | Hosted by @missbehelpful
Data 279 Juta Peserta BPJS Diduga Bocor, Pengamat: Ada Kelalaian Pengelolaan Sistem Keamanan
Sony Attacked Anonymous And Immediately Regretted it
Seri Ekonomi Digital: Pentingnya Perlindungan Data Pribadi di Indonesia
5.0 / 5 (0 votes)