Plain text passwords may have struck again
National Public Data (NPD) confirmed last week that it suffered a security breach dating back to December last year. An alleged stolen NPD database containing 2.9 billion lines of data, including Social Security numbers, was advertised on the dark web in April by a hacker group known as USDoD for $3.5 million, and the stolen data has since been posted publicly in various locations.
Now, Krebs On Security reports a roughly identical website to NPD called recordscheck.net was found to be hosting an archive containing site logins as well as source code for some of the site’s tools in plaintext. That would’ve been enough information to access the same consumer records as NPD. The now-removed file contained email data belonging to NPD founder...