100 Million Social Security Numbers Hacked For Sale Online For $20,000 USD



The Hacker Calls Himself “FEAR”

In a recent contact made with the hacker it was exposed that the data breach did not only provide access to personal information. The hacker, FEAR, says there are also “emails” within the databases. Theses databases are, from previously contacted sources, said to be US State government websites, that could disclose private conversations between high level officials. This is the first major data breach on the State level.

hacker-fear-government-data-us-ftp

This data dump could very well expose corruption on the State levels within the US government. We will be on the lookout for the emails mentioned by “FEAR” and their contents will be evaluated for corruption when they are made public.

A Message From “FEAR” to Federal Agencies.

https://twitter.com/hackinyolife/status/777962768775254016

How Easy It Was – US Government Doesn’t Even Encrypt Private Citizens Data!

A hacker known as Fear appears to have hacked hundreds of government servers used to upload and download files from the internet.

Fear, who claims to be a teenager, said he took advantage of lax security at the company Neustar to gain access to a large number of FTP (File Transport Protocol) servers.

Servers for file transport are often used to upload data to a website, and run off of the same types of domain names as websites.

Neustar is in charge of the “.us” top-level domain, an alternative to “.com,” “.edu” and “.org.”

By hacking Neustar, Fear gained access to the FTP accounts for every site with an address ending .us.

“I hacked into the Neustar FTP, and I dumped their files, and in the files there were a list of each and every FTP server on a .us, and it had their passwords, users, ftp ip, hostname, and domain,” said Fear in an online chat.

Many of the servers that host .us accounts also host “.gov” accounts, leaving Fear with what he claimed was access to a wide variety of government information, including voter registrations for every county in all 50 states, prescription databases and the Department of Education.

“It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen,” Fear boasted.

Many states used poor security practices, he said, using passwords no more than five characters and failing to encrypt sensitive information.

(THEHILL)

FEAR Contacted Databreaches.net

“Sad to know .us domains are so unsecure”

A private message to DataBreaches.net on Saturday evening was the prelude to a young hacker downloading tremendous amounts of data from states.

Over the next few hours, a teenage hacker known to DataBreaches.net from his past hacking activities would remind us once again just how insecure everything was, showing this blogger samples of files that he obtained in a hack that not only gave him access to every state with a domain on .us, but also to some .gov domains such as the U.S. Department of Education.

When asked how he obtained access, he replied:

I gained access to an ftp server, that listed access to all the ftp’s on .us domains, and those .us domains were hosted along with .gov , so I was able to access everything they hosted, such as, public data, private data, source codes etc…

He declined to reveal what .gov sites, other than USED, he was able to access, but did expand a bit on his previous answer, telling DataBreaches.net:

It was very simple to gain access to the 1st box that listed all the .us domains, and their ftp server logins. I went through each and every one, it was legit. I am pretty sure about every person who does security researching can do this, yes, it may have took me about 3 hours or 4 hours or looking around, but it is still possible.

Encryption was no obstacle for him, he said, because he saw no evidence that encryption was used at all: “I was able to read all of it in plain text form.”

As he acquired files, the teenager commented in a private chat on what he was obtaining:  Social Security numbers in one file, credit card numbers in another, postal and email addresses and phone number of Minnesota school board candidates in another, web-banking transactions from the First Bank of Ohio, and more, he claimed.

Web-banking transactions, First Bank of Ohio

Web-banking transactions, First Bank of Ohio
According to the teen, he was able to get customer credit card records from the bank because the state had access to the bank and he then went through several SQL tables:

Names, addesses, phone numbers, email addresses, credit card numbers with CVV and expiration dates - everything in this file was in plain text.

Names, addesses, phone numbers, email addresses, credit card numbers with CVV and expiration dates – everything in this file was in plain text.

The hacker seems to have paid particular attention to Florida.  Just one file alone from Florida had 267 million records, another had 76 million, he told DataBreaches.net.

“i just got access to a total of Social Security’, 101087939 numbers,” he claimed at another point, without indicating which state it was from.

i have been wget one state for like an hour lmao
has like
prob
400 mil
entries in total

(DATABREACHES)

Hacker says he’ll dump the data online

The hacker also bragged about downloading 101,087,939 Social Security numbers from an unnamed state, and currently downloading another 400 million records from other sources.

All this constant downloading of personal information gave the hacker away, and after a few hours, he lost access to some servers. For the time being, it is unknown who detected the intrusion. Fear declined to mention which servers he had lost access to.

The hacker also said that many of these government FTP servers were improperly secured, with six of the 50 states using five-character-long passwords.

Fear has stated he plans to leak some of the data. “When I dump the data, well if I choose too, I will include credit cards , social security and address, phones , names,” Fear told Softpedia in a Twitter conversation.

Softpedia has reached out to Neustart seeking comment on the incident. We will update the post if we receive an official statement.

(SOFTPEDIA)


Always remember to SHARE important information! We can change the world.


Find More News

Leave a Comment Below


 

Christopher Kemmett

Founder of The Real Strategy and Lowest Priced Advertisements.