An enormous information leak exposing the non-public info of over 100 million US residents has been reportedly uncovered by safety researchers.
The breach, found by Cybernews and attributed to a misconfigured database at background verify agency MC2 Information, allegedly left 2.2TB of delicate information accessible on-line with out password safety.
What Was Uncovered within the MC2 Information Breach?
The database contained 106,316,633 information, together with:
Full names
Emails
IP addresses
Dates of start
Partial fee particulars
Dwelling addresses
Telephone numbers
Employment and authorized histories
Property information
Household, kinfolk and neighbors’ information
“Encrypted passwords had been additionally leaked,” added Darren James, a senior product supervisor at Specops Software program. “Whereas encryption gives a layer of safety, these passwords at the moment are weak to brute-force assaults. If cracked, particularly when linked to electronic mail addresses, they may doubtlessly grant unauthorized entry to different programs because of the frequent follow of password reuse.”
Subscribers to MC2 Information companies had been additionally affected, totaling over 2.3 million people. Their information, which may embrace details about employers and legislation enforcement, is especially regarding as it might current a better worth goal for cybercriminals.
Safety Issues and Trade Impression
MC2 Information, which runs in style background verify websites resembling PrivateRecords.internet and PeopleSearchUSA, collects and compiles info from varied public sources to be used by employers, landlords and others for decision-making.
Learn extra on background verify service dangers: Florida-Based mostly Nationwide Public Information Confirms Information Breach
The invention has raised severe issues about how background verify firms deal with and safe huge quantities of personally identifiable info (PII). The leak places tens of millions liable to identification theft, fraud or different cyber-attacks.
Safety researchers warn that such a breach might be a goldmine for cybercriminals, permitting them easy accessibility to usually protected detailed private profiles.
“That is one other enormous breach in an all too acquainted narrative of ‘human error,’” mentioned Javvad Malik, lead safety consciousness advocate at KnowBe4. “Whereas it’s simple to level fingers at a person to say {that a} specific net database was left marked as public versus personal, it underscores a basic challenge the place safety doesn’t seem like given the precedence it deserves.”
Infosecurity has reached out to MC2 Information by means of their authorized consultant, Strauss Borrelli PLLC, for clarification on the breach and the actions taken to handle it. Nonetheless, on the time of writing, no response has been obtained.
We’ll replace our readers ought to extra info change into out there. Within the meantime, the database has reportedly been secured.