100 million Americans just had their background check data exposed — phone numbers, dates of birth and more

[edjr 6,335]

https://www.tomsguide.com/computing/online-security/100-million-americans-just-had-their-background-check-data-exposed-online-how-to-stay-safe?utm_term=D6711633-CC9B-49B4-859D-FEA0C2A0B23C&lrh=e88ced37db88521a9d444adec502058cb066107b0474ff42223ea067a70870ec&utm_campaign=E7CCEEA1-DDFE-442F-85F9-6D317BC29EC0&utm_medium=email&utm_content=1C94FBB3-8AAA-4F92-BDB7-423F9C80F26C&utm_source=SmartBrief

Quote

 

Having to get a background check done is bad enough as it is but what if all of your personal and employment information was left exposed online for anyone to access? Well, that’s exactly what just happened for at least 100 million Americans.

Unlike with data breaches which are usually the work of hackers, data leaks occur when a company fails to properly secure the data points it has on customers or in this case, one third of the entire U.S. population.

As reported by Cybernews, its security researchers recently discovered a worrying data leak at a company called MC2 Data which operates a number of public record and background check sites including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearch USA.

Here’s everything you need to know about this massive new data leak including all of the information that was exposed along with some tips and tricks to help keep you safe from hackers trying to use this leaked info in their attacks.

Just like with other past data leaks, this one was likely the result of human error instead of hackers. Cybernews’ research team found approximately 106,316,633 records or 2.2TB of data from MC2 Data was stored in a database without a password on August 7th. This could have allowed anyone on the internet to access and download this information, including hackers.

It’s estimated that at least 100 million U.S. citizens are affected by this data leak. However, the data of 2.3 million MC2 subscribers was also leaked as a result of this database being left unprotected online.

The leaked data includes the names, email addresses, IP addresses, physical addresses, phone numbers, dates of birth, employment history, property records, legal records, employment history, encrypted passwords and even data on the families, relatives and neighbors of those affected. It appears that no financial information was leaked though.

Not only does this leaked data put affected individuals at risk but it’s also very likely that MC2 Data will face both damage to its reputation and potential legal action. We’ll update this story accordingly as we find out more on this massive data leak.
Normally after a major data breach, a company will provide free access to the best identity theft protection service or at least credit monitoring to its customers. However, as MC2 Data and other background check companies have your data even though you aren’t technically a customer, that likely won’t be the case here unless a government agency intervenes.

So what could hackers do with all this leaked data? Based on the types of data that were exposed online, targeted phishing attacks are the most likely outcome. In these types of attacks, hackers use the information they have on you — which is a lot here — to craft personalized phishing emails or text messages.

You see, hackers could use these phishing messages as a way to coax more information like passwords or credit card details out of you. Likewise, they could send you malicious links or malware-filled attachments as a way to infect your computer or even your smartphone.

With all of this personal and employment information out there, my best advice is for you to be extremely careful and diligent when checking your inbox or even your messages for the foreseeable future. Look out for messages from unknown senders that try to instill a sense of urgency. However, as phone numbers were also exposed, you could be getting scam calls too.

It’s one thing for hackers to break into a company and steal its data, it’s another when a database filled with troves of personal information is left unsecured online without a password. Hopefully MC2 Data and all of the other companies that handle troves of sensitive data learn from this incident. However, I’ve written loads of stories about unsecured databases over the years, and this kind of thing just seems to keep happening.

 

I am sure most of you have 850 credit scores. Make sure to lock your credit at the 3 credit bureaus. 

[IGotWorms 4,053]

I assume all my data is everywhere at this point. It’s a g0ddamn miracle no ID theft has occurred yet (as far as I know, anyway), but it’s definitely coming 

[edjr 6,335]

2 minutes ago, IGotWorms said:

I assume all my data is everywhere at this point. It’s a g0ddamn miracle no ID theft has occurred yet (as far as I know, anyway), but it’s definitely coming 

Agreed. it is gross how badly our information has been protected. 

[posty 2,492]

1 hour ago, IGotWorms said:

I assume all my data is everywhere at this point. It’s a g0ddamn miracle no ID theft has occurred yet (as far as I know, anyway), but it’s definitely coming 

Yup…. If one actually believes that their data is still 100% safe, they are completely naive…

[easilyscan 723]

A question related to the subject for the tech savvy. About 1/3 of Americans use a cloud based password manager. To each his own, but I'm not real high on that method.

About 5 years ago, I opened a simple text file, listed all usernames and passwords, printed it, & copied it to a password protected USB drive. Then removed all the data from the file, & deleted it. About once a year, I plug in the USB, open the file, make changes/updates & print. Is this a safe alternative ?

[edjr 6,335]

10 minutes ago, easilyscan said:

A question related to the subject for the tech savvy. About 1/3 of Americans use a cloud based password manager. To each his own, but I'm not real high on that method.

About 5 years ago, I opened a simple text file, listed all usernames and passwords, printed it, & copied it to a password protected USB drive. Then removed all the data from the file, & deleted it. About once a year, I plug in the USB, open the file, make changes/updates & print. Is this a safe alternative ?

2FA is your friend

[Voltaire 4,974]

100 million aliases controlled under the 'Rusty Syringes' umbrella user name have been discovered. 

[Voltaire 4,974]

14 hours ago, IGotWorms said:

I assume all my data is everywhere at this point. It’s a g0ddamn miracle no ID theft has occurred yet (as far as I know, anyway), but it’s definitely coming 

What protects me best is not being important enough to bother to fock with...

well  almost ..

every call center in India has my phone number and assures me they can help me get government subsidized health care or free solar panels installed or something.

[Thornton Melon 596]

19 hours ago, easilyscan said:

A question related to the subject for the tech savvy. About 1/3 of Americans use a cloud based password manager. To each his own, but I'm not real high on that method.

About 5 years ago, I opened a simple text file, listed all usernames and passwords, printed it, & copied it to a password protected USB drive. Then removed all the data from the file, & deleted it. About once a year, I plug in the USB, open the file, make changes/updates & print. Is this a safe alternative ?

I would never trust my passwords in the cloud. I put mine in an Excel spreadsheet, and the passwords are listed as hints. I have 6 "basic" passwords that have the same format, and the hints I use are "One", "Two", "Three" etc...The way I spell out each hint (uppercase/lowercase, characters, etc) tells me the password. So, if anyone got their hands on the Excel file or a printout, it'd be useless to them.

I also use 2FA whenever possible.

[edjr 6,335]

1 minute ago, Thornton Melon said:

I also use 2FA whenever possible.

I should have prefaced earlier.  2FA with an authenticator app is what you want.

2FA with sending a code is easily hacked. 

[kilroy69 1,163]

It should be automatic bankruptcy if this happens. The company should be forced to make it right and offer credit protection for those that had their data leaked.  

[Thornton Melon 596]

1 minute ago, edjr said:

I should have prefaced earlier.  2FA with an authenticator app is what you want.

2FA with sending a code is easily hacked. 

Easily hacked? You mean like a code sent to your phone?

[edjr 6,335]

13 minutes ago, Thornton Melon said:

Easily hacked? You mean like a code sent to your phone?

yes. hacking sim cards to get a text is fairly easy. especially with most people having a built in sim now

[Thornton Melon 596]

17 minutes ago, edjr said:

yes. hacking sim cards to get a text is fairly easy. especially with most people having a built in sim now

But what good is the code to the hacker? They don't have your password. Seems like they could fock with you by preventing you from accessing your account, but they couldn't actually get into your account. Am I missing something? 

[easilyscan 723]

15 minutes ago, Thornton Melon said:

But what good is the code to the hacker? They don't have your password. Seems like they could fock with you by preventing you from accessing your account, but they couldn't actually get into your account. Am I missing something? 

I was going to ask the same thing. 

 

[edjr 6,335]

29 minutes ago, Thornton Melon said:

But what good is the code to the hacker? They don't have your password. Seems like they could fock with you by preventing you from accessing your account, but they couldn't actually get into your account. Am I missing something? 

if a person gets your password and needs 2fa, they contact your carrier, with little information about you, they get your number set to a phone/sim they have. they log in with whatever account they have your login/password and use your phone to get the code

[Thornton Melon 596]

2 minutes ago, edjr said:

if a person gets your password and needs 2fa, they contact your carrier, with little information about you, they get your number set to a phone/sim they have. they log in with whatever account the have your login/password and use your phone to get the code

Oh, alright, so they need your password, then. They're never gonna get mine 

[edjr 6,335]

1 minute ago, Thornton Melon said:

Oh, alright, so they need your password, then. They're never gonna get mine 

yup. you’re the one immune 

[easilyscan 723]

59 minutes ago, Thornton Melon said:

I would never trust my passwords in the cloud. I put mine in an Excel spreadsheet, and the passwords are listed as hints. I have 6 "basic" passwords that have the same format, and the hints I use are "One", "Two", "Three" etc...The way I spell out each hint (uppercase/lowercase, characters, etc) tells me the password. So, if anyone got their hands on the Excel file or a printout, it'd be useless to them.

I also use 2FA whenever possible.

Thanks. I also use 2FA. 

For what it's worth, I've never logged into any of my financial related sites (small local bank (checking account) Fidelity (taxable brokerage account, HSA, IRA)  Vanguard 401(k) or any of my credit cards via phone. Only do that via my iMac desktop. Once I receive the security code, I delete the text. I think those codes are only good for a very brief period of time anyway.

[edjr 6,335]

39 minutes ago, Thornton Melon said:

Oh, alright, so they need your password, then. They're never gonna get mine 

I@mFFTg33k2024

[Thornton Melon 596]

4 hours ago, edjr said:

I@mFFTg33k2024

That's close