Our Daily Breach 2024/10/07
Today’s breach may not be breaking news, but it will likely be remembered as one of the most monumental cybersecurity fiascos in corporate history. National Public Data (NPD) had already earned a top spot on the scoreboard of shame for leaking the names, addresses, phone numbers, and, in some cases, email addresses of more than 272 million people. While many of those affected are no longer alive, for the rest of us still stuck here, a word of advice from Brian Krebs stands out—though many seem to have ignored it:
"If you’re an American who hasn’t frozen your credit files, and you haven’t yet experienced new account fraud, the ID thieves probably just haven’t gotten around to you yet."
If you've been following Our Daily Breach, you know why we extend that advice to anyone living in the Global North. Unless you’re actively applying for new credit, why keep the port open? Your private data may not have been compromised this time, but don’t underestimate the sheer incompetence of corporate cybersecurity.
To truly cement their place as the champions of OpSec Idiocracy, NPD didn’t just expose the majority of America’s data—they also managed to leave their own administrative passwords publicly available on the background check service, recordscheck.net.
The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not.
After only a week of reading about these colossal cybersecurity failures, one thing is certain: there will be a usurper to the throne.
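For defenders, the RecordsCheck failure described above (one shared initial password that many users never changed) translates into two checks. The sketch below is an added example, not code from NPD or RecordsCheck. It assumes salted PBKDF2 storage, and the account layout, function names and placeholder password are all hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000           # assumed PBKDF2 work factor for this sketch
INITIAL_PASSWORD = "Xk3p9Q"    # constructed six-character placeholder, not the real value

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def provision(user: str) -> dict:
    """Create an account the way the page describes: everyone gets the same initial password."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt,
            "hash": hash_password(INITIAL_PASSWORD, salt), "must_change": True}

def change_password(account: dict, new_password: str) -> None:
    """Reject the initial password as a 'new' one, then rotate salt and hash."""
    if hmac.compare_digest(new_password.encode(), INITIAL_PASSWORD.encode()):
        raise ValueError("new password must differ from the initial password")
    account["salt"] = os.urandom(16)
    account["hash"] = hash_password(new_password, account["salt"])
    account["must_change"] = False

def still_on_initial_password(accounts: list) -> list:
    """Salted hashes all differ, so test the known initial password against each record."""
    return [a["user"] for a in accounts
            if hmac.compare_digest(hash_password(INITIAL_PASSWORD, a["salt"]), a["hash"])]

def login(account: dict, password: str) -> str:
    """Return 'denied', 'change_required' (no session issued) or 'ok'."""
    if not hmac.compare_digest(hash_password(password, account["salt"]), account["hash"]):
        return "denied"
    return "change_required" if account["must_change"] else "ok"

def demo_accounts() -> list:
    """Constructed sample: three members, only one of whom changed the initial password."""
    accounts = [provision(u) for u in ("alice", "bob", "carol")]
    change_password(accounts[1], "a long passphrase chosen by bob")
    return accounts

if __name__ == "__main__":
    accts = demo_accounts()
    print("still on initial password:", still_on_initial_password(accts))
    print("alice login:", login(accts[0], INITIAL_PASSWORD))
```

Because each record has its own salt, grouping by identical hashes would find nothing; the audit has to verify the known initial password against every account.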