Threat Actor Leaks Personal Records of 250 Million American Households on Hacking Forum

Discussion in 'other security issues & news' started by hawki, Apr 28, 2021.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    "A threat actor named Pompompurin has posted a treasure trove of 250 million personal records belonging to US residents.

    The database containing 263 GB of personally identifiable information (PII)...the records contain:

    Full names, phone numbers, and email addresses
    Date of birth, marital status, and gender
    House cost, home rent, home built year
    ZIP codes, home addresses, and Geolocation
    Credit capacity and political affiliation
    Salary, income details, and number of owned vehicles
    Number of children in the household
    Number of owned pets..."

    https://hotforsecurity.bitdefender....erican-households-on-hacking-forum-25731.html
     
  2. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    I see there's an ad for Bitdefender's Identity Protection in there. It's disguised as "Bitdefender's Digital Identity Protection Tool." If you click on the tiny link within the ad, you have to enter your name, email, etc to proceed. That's where I jumped the ship.

    It IS like 1/3 the monthly cost of Lifelock though. Wait, what am I saying? :cautious:
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    You know you don't have to enter your real name and stuff on every field asking em, right?
     
  4. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Right, but in this scenario, I would want to know if my real name and other info (in some cases you need to provide that) were leaked. That's the main point of using this thing.

    Doesn't matter anyway. It's mostly an ad for Bitdefender's services to me.
     
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    As far as I can see, they do not store your entered data

    upload_2021-4-28_21-25-13.png

    At least, not before it gets sent to the server. Ofc, what happens when it reaches the server, nobody knows (except the guys with access to the server lul).

    It does 2 requests. One to
    upload_2021-4-28_21-30-15.png

    with your email, and then it waits for { "success": true } as the result. It's an email verifier, you know, cuz if you enter a false email the 2nd request does not get sent and the 1st one returns success: false
    upload_2021-4-28_21-33-25.png


    and then the real request which checks if you've been breached
    upload_2021-4-28_21-31-2.png
    upload_2021-4-28_21-34-2.png

    upload_2021-4-28_21-38-15.png

    using your names and email. Which means you can do so manually yourself using this site

    https://reqbin.com/post-online

    and just enter the request URL u see and then the JSON form data by changing the names and email. No guarantee it's not stored on server side tho :)

    Also btw, wilders compressed my 1st image lul, it wasn't blurry when zoomed in
     
  6. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Thanks for the detective-work. :) But as you say, once it gets to their server, it's out of your hands.

    haveibeenpwned.com is another site to check but there's such a lag at times betw. the actual breach and when you get notified. The point I was making is that it seems more and more, ads are being cloaked and disguised within "serious" news stories. Then, if you bite, you get nags and spam in your email, whether it's disposable or not. Don't know if that's the case here, but didn't care to find out.
     
  7. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,675
    Location:
    USA still the best. But barely.
    I entered this topic because of "250 Million American Households." Because maybe there's only 80 Million Households. I want my 5 minutes back.
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    @zapjb

    Good Catch :)

    The text of the article is correct -- Headline is bad.

    My apologies for promoting Bitdefender click-bait.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Database on Russian hacker forums
    Since it has been a week that the database was dumped online, Hackread.com has noticed that it is now being circulated on several Russian-speaking hacker forums along with Telegram chat groups.

    So if one knew one of the forums, he could check the database himself. Unfortunately, such forums tend to be pretty hard to find from Google if u don't know the name... Assuming they're not onion ofc.

    I tried googling upload_2021-4-29_12-58-14.png

    but after I tried a few links and it was leading me to dead/irrelevant forums, I was like "yeah **** that"
     