Data of Over 59 Million US Residents Available For Sale on a Cybercrime Forum

On April 22, 2021, during our routine darkweb monitoring, researchers at Cyble discovered a Threat Actor (TA) posting sensitive Personally Identifiable Information (PII) including 59 million email IDs of US residents on a cybercrime forum called RaidForums.    

Figure 1 is a screenshot of the post made by the TA. 

Figure 1

The data includes, among other things:

  • Full name 
  • Phone numbers 
  • Email IDs (multiple in a few cases)
  • Home address 
  • Date of Birth 
  • Number of children 
  • Income 
  • House price 
  • Ethnicity 
  • Location coordinates 
  • Political affiliation 
  • Habits and hobbies 
  • Pets 

Our research indicated that the TA joined the forum on October 26, 2020, and contributed to 32 other threads. A positive reputation of 2,567 suggests the TA has been considerably active in the forum, with a significant contribution of breached data to the forum.  

Figure 2 shows the details of the TA. 

Figure 2 

Further investigation:  

This leak includes a total of 250,808,966 lines of data, amounting to a massive 246 gigabytes. Data points available in this leak suggest that the source may have been a marketing/advertisement firm. PII that is essential for the profiling of individuals, such as age, ethnicity, political leaning, income group, and zip code, is also part of the extensive dataset.

Figure 3 showcases Unique IDs being used to identify the individuals whose information has been captured in the dataset. The data includes names, addresses, city police jurisdiction, Zip codes, and the latitudes and longitudes of their location. 

Figure 3 

Figure 4 shows the median income, which is a code for net worth, along with other details such as credit capacity, marital status, whether the individuals have a habit of reading, whether they own a PC, whether they own any other computers or consumer electronics, etc.

Figure 4 

Figure 5 showcases data on whether the individuals have grandchildren, what their family religion is, whether they are pet owners (and if so, of a cat or a dog), whether they are veterans, whether they contribute to animal or children's welfare, what sort of investments they have, what kind of cooking skills they possess, and their taste in music and movies.

Figure 5 

This breach contains extensive background information and profiles of the individuals affected. The confidential nature of the data involved would imply that there are innumerable ways in which this information can be misused to serve malicious ends.  

Cyble has been reporting these breaches to spread awareness of the risks associated with using online services and the growing threats to data security.

We recommend that people:

  • Never share personal information, including financial information, over the phone, email, or SMS.
  • Use strong passwords and enforce multi-factor authentication where possible.
  • Regularly monitor your financial transactions, and if you notice any suspicious transaction, contact your bank immediately.
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.
  • Use a reputable anti-virus and internet security software package on your connected devices, including PC, laptop, and mobile.
  • People who are concerned about their exposure in the darkweb can register at AmiBreached.com to ascertain their exposure.

Here is the full list of headers in the dataset:

HH_ID,ID,First_Name_01,alphafirstname_sort,Phonetic_First_Name,Middle_Name_01,Last_Name_01,alphalastname_sort,Phonetic_Last_Name,Address,alphaaddress_sort,City,CITY_PHRASE,alphacity_sort,Cities,State,alphastate_sort,ZIP,ZIP4,Carrier_Route,Delivery_Point,Mail_Score_Code,Geo_Level_Code,Latitude,Longitude,Time_Zone_Code,County_Code,County_Description,CBSA_Code,CBSA_Description,Scrubbed_Phoneable_Flag,Ind_Gender_Code,Ind_Date_Of_Birth_Year,Ind_Age,Ind_Occupation_Code,Ind_Household_Rank_Code,Ind_Ethnic_Code,Ind_Political_Party_Code,Home_Value_Code,Home_Value_Description,Home_Median_Value_Code,Home_Median_Value_Description,Home_Owner_Renter_Code,Home_Purchase_Date,Home_Purchase_Year,Length_Of_Residence_Code,Home_Built_Year,Home_Built_Year_Code,Home_Built_Year_Description,Home_Square_Footage,Home_Square_Footage_Code,Home_Dwelling_Type_Code,Median_Income_Code,Median_Income_Description,Income_Code,Income_Description,NetWorth_Code,Credit_Capacity,Credit_Capacity_Code,Credit_Capacity_Description,Donor_Capacity_Code,Number_Children_Code,Children_Present_Flag,Marital_Status_Code,Delivery_Point_CheckDigit,Address_Number,Street_Name,Street_Suffix,State_City,Address_ID,PO_Flag,Mailable_Flag,Location_Unique_Flag,Most_Recent_Home_Purchase_Date_Flag,Number_of_Bedrooms,Number_of_Bathrooms,ProductionDate,Ind_Age_Code,Lat_Long,Geo_Lat_Long,Marketing,Mailable,Phoneable,Mailable_Phoneable,ZIP9,Zip11,Zip4Exists,Address_Master,LS_Green_Living_Flag,_version_,Lat_Long_0_coordinate,Lat_Long_1_coordinate,Email_Present_Flag,Email,CC_User_Flag,Credit_Card_Mail_Order_Buyers,CC_Bank_Flag,CC_Gas_Dept_Retail_Flag,CC_Unknown_Flag,CC_Premium_Flag,CC_Upscale_Dept_Flag,Charitable_Flag,Donor,Political_Flag,Political_Affiliation_Donor,Hobbies_Auto_Work_Flag,Hobby_Interest,Home_Furnishings_Decorating_Flag,Home_Improvement,Mail_Order_Buyer_Flag,Mail_Order_Responder_Flag,PC_Owner_Flag,Computers_Electronics,Consumer_Electronics_Flag,Email_01_MD5,CellPhone,Ind_Date_Of_Birth_Month,Secondary_Name,Secondary_Number,
Mail_Order_Donor_Flag,Veteran_Present_HH_Flag,Ent_Arts_Flag,Arts_History_Science,Ent_Sweepstakes_Contests_Flag,Investing_Finance,Reading_General_Flag,Reading,Reading_Magazines_Flag,Reading_Audio_Books_Flag,Investments_Personal_Flag,Investments_Stocks_Bonds_Flag,Cooking_General_Flag,Cooking_Food,Cooking_Gourmet_Flag,Collectibles_General_Flag,Collectibles_And_Antiques,Collectibles_Arts_Flag,Collectibles_Antiques_Flag,Hobbies_Sewing_Knitting_Needlework_Flag,Hobbies_Gardening_Flag,Beauty_Cosmetics_Flag,Beauty_Fashion,LS_Highbrow_Living_Flag,LS_Common_Living_Flag,Family_Religion_Politics,LS_Broader_Living_Flag,Area_Code,Phone,Home_Property_Type_Code_02,Home_Equity_Available_Code,Home_Equity_Available_Description,Foods_Natural_Flag,Travel_Domestic_Flag,Travel,Self_Exercise_Running_Jogging_Flag,Health_and_Fitness,Self_Exercise_Walking_Flag,Self_Health_Medical_Flag,Self_Dieting_Weight_Loss_Flag,Hobbies_Crafts_Flag,Outdoor_Fishing_Flag,Outdoor_Enthusiast,Outdoor_Camping_Hiking_Flag,Outdoor_Hunting_Shooting_Flag,Spectator_Sports_Football_Flag,Sports,Spectator_Sports_Basketball_Flag,Cat_Owner_Flag,Animals_Pets,Dog_Owner_Flag,DNC_Flag,City_2,State_City_2,Childrens_Interests_Flag,Animal_Welfare_Flag,Religious_Flag,Reading_Religious_Inspirational_Flag,Travel_RV_Flag,Travel_Cruises_Flag,Music_Listener_Flag,Movie_Music,Hobbies_Photography_Flag,Sports_Golf_Flag,Environmental_Issues_Flag,Religious_Inspirational_Flag,Vehicle_Owned_Code,Other_Pet_Owner_Flag,LS_Home_Living_Flag,LS_Upscale_Living_Flag,Arts_Cultural_Flag,Childrens_Flag,Health_Flag,Christian_Family_Flag,Ent_Theater_Performing_Arts_Flag,Reading_Science_Fiction_Flag,Music_Player_Flag,Self_Exercise_Aerobic_Flag,Self_Improvement_Flag,Career_Self_Improvement,Self_Career_Improvement_Flag,Collectibles_Coins_Flag,Collector_Avid_Flag,Hobbies_Woodworking_Flag,Spectator_Sports_Baseball_Flag,Spectator_Sports_TV_Sports_Flag,Parenting_Flag,LS_Professional_Living_Flag,Email_02,Email_03,Email_02_MD5,Email_03_MD5,Investments_Real_Estate_Flag,Music_Home_Stereo_Flag,Hobbies_History_Military_Flag,Current_Affairs_Politics_Flag,Recently_Moved_Year,Recently_Moved_Month,Pre_Direction,Spectator_Sports_Hockey_Flag,Smoking_Tobacco_Flag,Ailments,Food_Wines_Flag,Travel_International_Flag,Outdoor_Scuba_Diving_Flag,Sports_Collectibles_Memorabilia_Flag,Music_Collector_Flag,Hobbies_Science_Space_Flag,Outdoor_Boating_Sailing_Flag,Political_Conservative_Flag,Reading_Financial_Newsletter_Flag,Investments_Foreign_Flag,Collectibles_Stamps_Flag,Grandchildren_Flag,Veterans_Flag,Hobbies_Games_Board_Puzzles_Flag,Computer_And_Video_Games_Puzzles,Games_Video_Games_Flag,CC_Travel_Entertainment_Flag,Self_Education_Online_Flag,Spectator_Sports_NASCAR_Flag,Sports_Motorcycling_Flag,Recently_Moved_Flag,LS_Sporty_Living_Flag,Post_Direction,Ent_Gaming_Casino_Flag,Home_Improvement_DIY_Flag,Money_Seekers_Flag,TV_Satellite_Dish_Flag,Home_Loan_To_Value_Code,Hobbies_Aviation_Flag,Movie_Collector_Flag,LS_DIY_Living_Flag,Walk_Sequence,International_Aid_Flag,Spectator_Sports_Racing_Flag,Veteran_Present_Ind_Flag,Sports_Equestrian_Flag,Email_04,Email_05,Email_04_MD5,Email_05_MD5,Sports_Tennis_Flag,Sports_Skiing_Flag,Environment_Wildlife_Flag,Truck_Owner_Flag,Motor_Vehicles,Games_Computer_Games_Flag,Political_Liberal_Flag,Ailment_Diabetic_Flag,New_Home_Owner_Flag,Ailment_Orthopedic_Flag,Ailment_Arthritis_Flag,Spectator_Sports_Soccer_Flag,RV_Owner_Flag,Boat_Owner_Flag,Motorcycle_Owner_Flag,Ailment_Allergy_Flag,Ailment_Senior_Flag,Hobbies_House_Plant_Flag,Ailment_Disabled_Flag

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble's prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.
