On April 22, 2021, during our routine darkweb monitoring, researchers at Cyble discovered a Threat Actor (TA) posting sensitive Personally Identifiable Information (PII) including 59 million email IDs of US residents on a cybercrime forum called RaidForums.
Figure 1 is a screenshot of the post made by the TA.
The data includes, amongst other things-
- Full name
- Phone numbers
- Email IDs (multiple for a few cases)
- Home address
- Date of Birth
- Number of children
- Income
- House price
- Ethnicity
- Location coordinates
- Political affiliation
- Habits and hobbies
- Pets
Our research indicated that the TA joined the forum on October 26, 2020, and contributed to 32 other threads. A positive reputation of 2,567 suggests the TA has been considerably active in the forum, with a significant contribution of breached data to the forum.
Figure 2 shows the details of the TA.
Figure 2
Further investigation:
This leak includes a total of 250,808,966 lines of data, thereby amounting to a massive 246 gigabytes. Data points available in this leak suggest that the source may have been a marketing/advertisement firm. PII that is essential for the profiling of individuals, such as age, ethnicity, political leaning, income group, and zip code are also part of the extensive dataset.
Figure 3 showcases Unique IDs being used to identify the individuals whose information has been captured in the dataset. The data includes names, addresses, city police jurisdiction, Zip codes, and the latitudes and longitudes of their location.
Figure 3
Figure 4 shows the median income, which is a code for net worth, along with other details such as credit capacity, marital status, whether they have a habit of reading, are they owners of a PC, do they own any other computers or consumer electronics, etc.
Figure 4
Figure 5 showcases the data containing information on whether the people have grandchildren, what is their family religion, whether they are pet owners, if yes- cat or dog, are they veterans, if they contribute to animal or children welfare, what sort of investments do they have, what kind of cooking skills do they possess, and their taste in music and movies.
Figure 5
This breach contains extensive background information and profiles of the individuals affected. The confidential nature of the data involved would imply that there are innumerable ways in which this information can be misused to serve malicious ends.
Cybleโฏhas been reporting these breaches toโฏspread awarenessโฏof the risks associated with using online servicesโฏand the growingโฏthreatsโฏto data security.โฏ
We recommend people to:โฏ
- Never share personal information, including financial information over the phone,โฏemail,โฏorโฏSMSes.โฏโฏ
- Use strong passwords and enforce multi-factor authentication whereโฏpossible.โฏ
- Regularly monitor your financial transaction,โฏandโฏif you notice any suspicious transaction, contact your bank immediately.โฏ
- Turnโฏonโฏtheโฏautomatic software update feature on your computer, mobile,โฏand other connected devices whereverโฏpossible and pragmatic.โฏ
- Use a reputed anti-virus and internet security software package on your connected devices,โฏincluding PC,โฏlaptop,โฏand mobile.โฏ
- People who are concerned about their exposure inโฏtheโฏdarkwebโฏcan register atโฏAmiBreached.comโฏto ascertain their exposure.โฏ
Here’s the full headers list of the dataset-
HH_ID,ID,First_Name_01,alphafirstname_sort,Phonetic_First_Name,Middle_Name_01,Last_Name_01,alphalastname_sort,Phonetic_Last_Name,Address,alphaaddress_sort,City,CITY_PHRASE,alphacity_sort,Cities,State,alphastate_sort,ZIP,ZIP4,Carrier_Route,Delivery_Point,Mail_Score_Code,Geo_Level_Code,Latitude,Longitude,Time_Zone_Code,County_Code,County_Description,CBSA_Code,CBSA_Description,Scrubbed_Phoneable_Flag,Ind_Gender_Code,Ind_Date_Of_Birth_Year,Ind_Age,Ind_Occupation_Code,Ind_Household_Rank_Code,Ind_Ethnic_Code,Ind_Political_Party_Code,Home_Value_Code,Home_Value_Description,Home_Median_Value_Code,Home_Median_Value_Description,Home_Owner_Renter_Code,Home_Purchase_Date,Home_Purchase_Year,Length_Of_Residence_Code,Home_Built_Year,Home_Built_Year_Code,Home_Built_Year_Description,Home_Square_Footage,Home_Square_Footage_Code,Home_Dwelling_Type_Code,Median_Income_Code,Median_Income_Description,Income_Code,Income_Description,NetWorth_Code,Credit_Capacity,Credit_Capacity_Code,Credit_Capacity_Description,Donor_Capacity_Code,Number_Children_Code,Children_Present_Flag,Marital_Status_Code,Delivery_Point_CheckDigit,Address_Number,Street_Name,Street_Suffix,State_City,Address_ID,PO_Flag,Mailable_Flag,Location_Unique_Flag,Most_Recent_Home_Purchase_Date_Flag,Number_of_Bedrooms,Number_of_Bathrooms,ProductionDate,Ind_Age_Code,Lat_Long,Geo_Lat_Long,Marketing,Mailable,Phoneable,Mailable_Phoneable,ZIP9,Zip11,Zip4Exists,Address_Master,LS_Green_Living_Flag,_version_,Lat_Long_0_coordinate,Lat_Long_1_coordinate,Email_Present_Flag,Email,CC_User_Flag,Credit_Card_Mail_Order_Buyers,CC_Bank_Flag,CC_Gas_Dept_Retail_Flag,CC_Unknown_Flag,CC_Premium_Flag,CC_Upscale_Dept_Flag,Charitable_Flag,Donor,Political_Flag,Political_Affiliation_Donor,Hobbies_Auto_Work_Flag,Hobby_Interest,Home_Furnishings_Decorating_Flag,Home_Improvement,Mail_Order_Buyer_Flag,Mail_Order_Responder_Flag,PC_Owner_Flag,Computers_Electronics,Consumer_Electronics_Flag,Email_01_MD5,CellPhone,Ind_Date_Of_Birth_Month,Secondary_Name,Secondary_Number,Mail_Order_Donor_Flag,Veteran_Present_HH_Flag,Ent_Arts_Flag,Arts_History_Science,Ent_Sweepstakes_Contests_Flag,Investing_Finance,Reading_General_Flag,Reading,Reading_Magazines_Flag,Reading_Audio_Books_Flag,Investments_Personal_Flag,Investments_Stocks_Bonds_Flag,Cooking_General_Flag,Cooking_Food,Cooking_Gourmet_Flag,Collectibles_General_Flag,Collectibles_And_Antiques,Collectibles_Arts_Flag,Collectibles_Antiques_Flag,Hobbies_Sewing_Knitting_Needlework_Flag,Hobbies_Gardening_Flag,Beauty_Cosmetics_Flag,Beauty_Fashion,LS_Highbrow_Living_Flag,LS_Common_Living_Flag,Family_Religion_Politics,LS_Broader_Living_Flag,Area_Code,Phone,Home_Property_Type_Code_02,Home_Equity_Available_Code,Home_Equity_Available_Description,Foods_Natural_Flag,Travel_Domestic_Flag,Travel,Self_Exercise_Running_Jogging_Flag,Health_and_Fitness,Self_Exercise_Walking_Flag,Self_Health_Medical_Flag,Self_Dieting_Weight_Loss_Flag,Hobbies_Crafts_Flag,Outdoor_Fishing_Flag,Outdoor_Enthusiast,Outdoor_Camping_Hiking_Flag,Outdoor_Hunting_Shooting_Flag,Spectator_Sports_Football_Flag,Sports,Spectator_Sports_Basketball_Flag,Cat_Owner_Flag,Animals_Pets,Dog_Owner_Flag,DNC_Flag,City_2,State_City_2,Childrens_Interests_Flag,Animal_Welfare_Flag,Religious_Flag,Reading_Religious_Inspirational_Flag,Travel_RV_Flag,Travel_Cruises_Flag,Music_Listener_Flag,Movie_Music,Hobbies_Photography_Flag,Sports_Golf_Flag,Environmental_Issues_Flag,Religious_Inspirational_Flag,Vehicle_Owned_Code,Other_Pet_Owner_Flag,LS_Home_Living_Flag,LS_Upscale_Living_Flag,Arts_Cultural_Flag,Childrens_Flag,Health_Flag,Christian_Family_Flag,Ent_Theater_Performing_Arts_Flag,Reading_Science_Fiction_Flag,Music_Player_Flag,Self_Exercise_Aerobic_Flag,Self_Improvement_Flag,Career_Self_Improvement,Self_Career_Improvement_Flag,Collectibles_Coins_Flag,Collector_Avid_Flag,Hobbies_Woodworking_Flag,Spectator_Sports_Baseball_Flag,Spectator_Sports_TV_Sports_Flag,Parenting_Flag,LS_Professional_Living_Flag,Email_02,Email_03,Email_02_MD5,Email_03_MD5,Investments_Real_Estate_Flag,Music_Home_Stereo_Flag,Hobbies_History_Military_Flag,Current_Affairs_Politics_Flag,Recently_Moved_Year,Recently_Moved_Month,Pre_Direction,Spectator_Sports_Hockey_Flag,Smoking_Tobacco_Flag,Ailments,Food_Wines_Flag,Travel_International_Flag,Outdoor_Scuba_Diving_Flag,Sports_Collectibles_Memorabilia_Flag,Music_Collector_Flag,Hobbies_Science_Space_Flag,Outdoor_Boating_Sailing_Flag,Political_Conservative_Flag,Reading_Financial_Newsletter_Flag,Investments_Foreign_Flag,Collectibles_Stamps_Flag,Grandchildren_Flag,Veterans_Flag,Hobbies_Games_Board_Puzzles_Flag,Computer_And_Video_Games_Puzzles,Games_Video_Games_Flag,CC_Travel_Entertainment_Flag,Self_Education_Online_Flag,Spectator_Sports_NASCAR_Flag,Sports_Motorcycling_Flag,Recently_Moved_Flag,LS_Sporty_Living_Flag,Post_Direction,Ent_Gaming_Casino_Flag,Home_Improvement_DIY_Flag,Money_Seekers_Flag,TV_Satellite_Dish_Flag,Home_Loan_To_Value_Code,Hobbies_Aviation_Flag,Movie_Collector_Flag,LS_DIY_Living_Flag,Walk_Sequence,International_Aid_Flag,Spectator_Sports_Racing_Flag,Veteran_Present_Ind_Flag,Sports_Equestrian_Flag,Email_04,Email_05,Email_04_MD5,Email_05_MD5,Sports_Tennis_Flag,Sports_Skiing_Flag,Environment_Wildlife_Flag,Truck_Owner_Flag,Motor_Vehicles,Games_Computer_Games_Flag,Political_Liberal_Flag,Ailment_Diabetic_Flag,New_Home_Owner_Flag,Ailment_Orthopedic_Flag,Ailment_Arthritis_Flag,Spectator_Sports_Soccer_Flag,RV_Owner_Flag,Boat_Owner_Flag,Motorcycle_Owner_Flag,Ailment_Allergy_Flag,Ailment_Senior_Flag,Hobbies_House_Plant_Flag,Ailment_Disabled_Flag
Aboutย Cybleย
Cybleย is a globalย threat intelligenceย SaaSย provider that helps enterprises protect themselvesย from cybercrimesย andย exposure in theย darkweb.ย Cybleโs prime focusย is to provide organizations with real-time visibility into their digital riskย footprint.ย Backed by Y Combinator as part of the 2021 winter cohort,ย Cybleย hasย alsoย been recognized by Forbes as one of the top 20 Best Cybersecurityย Startupsย To Watch In 2020.ย Headquartered inย Alpharetta, Georgia,ย and withย offices inย Australia, Singapore, andย India,ย Cybleย has a global presence.ย To learn more aboutย Cyble, visitย www.cyble.com.ย
