A massive data breach of the "biggest database ever" that allegedly includes 4 TB worth of data has demonstrated how important opting out of sharing your data is.
The hacker allegedly responsible for the breach (who goes by "USDoD") originally posted the leak to notorious dark web data breach site, BreachForums, on April 8, 2024. In their post, USDoD said: "Hello Breachforums [sic] Im [sic] proud to say that I got access to the biggest database ever. This is the entire population of US, UK and CA".
The post went on to explain that the database was from National Public Data, a background check and individual lookup site that offers API lookups to businesses. USDoD claimed that the database contained 2.9 billion rows, had data from 2019-2024, and was 200 GB compressed or 4 TB uncompressed. USDoD has offered the sale of the database for $3.5 million and said they would provide "credentials" for the database's server to the buyer.
Massive #DataBreach Alert ⚠️2.9 billion records of USA, Canada, and UK citizens allegedly for sale for $3.5 million.The threat actor USDoD claims to be selling a 4 TB database containing 2.9 billion rows apparently exfiltrated from National Public Data, a public records data… pic.twitter.com/kgSd3RpoP2April 8, 2024
Now, vxunderground, the self-described "largest collection of malware source code, samples, and papers on the internet" has investigated the leak.
In a post on X (formerly Twitter) on June 2, vxunderground explained that they had discovered USDoD intended to leak the data and had requested a copy of the database to confirm the legitimacy of the hacker's claims.
Vxunderground noted that the files sent to them for verification was 277.1GB uncompressed and contained "real and accurate" data, confirmed via vxunderground looking up data from consenting individuals.
The data present for those in the US contained full names, addresses, address history going back more than three decades in some cases, and social security numbers. Through the database, vxunderground were also able to find the family members of those they looked up, including parents, siblings, aunts, uncles and cousins, even if these relatives were deceased. It was through looking up these consenting individuals that vxunderground was able to discover that the database contained information on those who were deceased, with some included having been dead for almost 20 years.
April 8th, 2024, a Threat Actor operating under the moniker "USDoD" placed a large database up for sale on Breached titled: "National Public Data". They claimed it contained 2,900,000,000 records on United States citizens. They put the data up for sale for $3,500,000.National…June 1, 2024
One of the main takeaways from this data breach is the fact that any person who used any kind of data opt-out services was not present on the database. Anyone who did not use data opt-out services was "immediately found" by vxunderground.
This clearly shows how important opting out of sharing your data is. If you're concerned about what data of yours is available, you can use data removal services.
A great example of this is from one of the best VPN providers, Surfshark. With Surfshark's Incogni service (and other data removal services), you can delete your data from online databases, leaving you safe in the knowledge that your personal information is not available for anyone to see.
