Plain text passwords may have struck again

National Public Data (NPD) confirmed past week that it suffered a information breach dating backmost to December past year. An alleged stolen NPD database containing 2.9 cardinal lines of data, including Social Security numbers, was advertised connected the acheronian web successful April by a hacker radical known arsenic USDoD for $3.5 million, and the stolen information has since been posted publically successful assorted locations.

Now, Krebs On Security reports a astir identical website to NPD called recordscheck.net was recovered to beryllium hosting an archive containing tract logins arsenic good arsenic root codification for immoderate of the site’s tools successful plaintext. That would’ve been capable accusation to entree the aforesaid user records arsenic NPD. The now-removed record contained email information belonging to NPD laminitis Salvatore Verini, an histrion and retired sheriff’s lawman from Florida.

In an email speech with Krebs On Security, Verini wrote that the record contained an aged website mentation with “non-working code,” and the tract volition cease operations “in the adjacent week oregon so.” Verini did not remark further, citing an “active investigation.” Krebs On Security besides recovered that Verini wrote a affirmative testimonial for Creation Next, a web developer institution mentioned successful the archived root code.

Since the leak connected the hacker forum past month, respective websites similar npdbreach.com, from Atlas Data Privacy Corp, and npd.pentester.com person popped up, saying they connection searches to find retired if your accusation is included successful the leak. Using these services, of course, means you request to enactment your name, commencement year, and possibly your SSN into someone’s form. As Krebs notes, fixed the galore leaks that have already revealed akin information, the champion people of enactment disposable whitethorn beryllium to put a frost connected your recognition report with the large bureaus (Equifax, Experian, and TransUnion) and instrumentality vantage of the free play recognition reports you are entitled to.