DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

More details on the massive MC2 data leak

Posted on September 25, 2024December 16, 2024 by Dissent

Several days ago, Cybernews claimed “exclusive research” that they headlined by claiming, “One-third of the US population’s background info is now public.”  DataBreaches pointed out that their reporting was missing important details. DataBreaches wrote:

Unfortunately, they fail to clearly report when they discovered the leak, whether or when they contacted the entity to alert them to the leak, and whether and how the entity responded. Has this leak been secured? One certainly hopes so but their headline says the info is now public — as in still publicly available? One hopes not.

Today, I was reminded that their “exclusive research” wasn’t exclusive at all because someone else had not only discovered the same leak, but had taken the time and trouble to get it closed down and reported on it all before Cybernews reported what they called their exclusive research.

Here is the post from researcher JayeLTee on infosec.exchange on September 4:

US Data broker selling reports based on “public” records exposes databases with over 1.5TB of their own data publicly

On August 18th I got an alert for a server with over 1.5TB of data exposed. The next day I checked what this server contained and after checking some of the tables I started looking at who owned this so I could contact them.

Initially on my search I could see a lot of links to https://www.privaterecords.net/ but when I started looking at the user table, things got confusing. The initial admin accounts all belonged to @mc2data.com emails. Searching the company name I could find the owner’s LinkedIn but the website didn’t load for me and I couldn’t find anything else on them. I could also see each user was linked to a brand ID(name) and I could see 15 different brands (websites) that sell reports on public data, all similar to each other linked to each user. I don’t know if mc2data owns all these websites or what’s the connection, but I’ll list them all at the end and you can check them and see how they all look oddly similar.

For the contents inside of this server:

– User table with 2.3 million users, with first and last name, email, hashed passwords, plaintext credit card information (at least type, last 4 and expiry date), zip codes

– Over 100 million entries for people’s search info, some of which contained a wild amount of information (I saw entries with over 50 criminal records linked to 1 person) such as full names, previous and current addresses, neighbours and relatives data. SSN was also present in a lot of these results, the ones I checked had the last 4 digits of it missing, but I can’t confirm if that was the case for every SSN entry on this.

– Over 1 million notes that sometimes contained messages sent by their clients for updates, refunds, etc

– Over 200,000 emails sent to support of the various websites listed below

– Millions of entries for various types of tracking data they collect from their websites

I cannot verify if the data inside this was 100% accurate, but checking privaterecords.net reviews online they do seem to give a lot of wrong information on their lookups and a lot of people claim to have been charged by the website but never used it. Scamadviser has a Trustscore of 1 out of 100 for privaterecords.net.

On August 20th I contacted [email protected] and privaterecords.net support email and within a few hours this server was closed, I never got a reply from anyone on this though. I don’t know how long or if anyone grabbed the data while this was exposed.

The websites linked in this server:

https://www.privaterecords.net/
https://www.backgroundcheckers.net/
https://www.checksecrets.com/
https://www.inmatessearcher.com/
https://www.mugshotlook.com/
https://www.peoplesearch123.com/
https://www.peoplesearcher.com/
https://www.peoplesearchusa.org/
https://www.personsearchers.com/
https://www.privatereports.com/
https://www.publicsearcher.com/
https://www.sealedrecords.net/
https://www.secretinfo.org/
https://www.truthrecord.org/
https://www.weinform.org/

Either a lot of data scientists and engineers decided to band together and build different but oddly similar websites or maybe these are all owned by the same person/company, I can’t confirm any of it though.

 

 

 

 

 

 

 

 

 

 

 

 

 

Today, Cybernews updated its original story to include more details, but it seems almost certain that JayeLTee’s efforts resulted in the data being secured.

Category: Business SectorExposure

Post navigation

← US Capitol Hit by Massive Dark Web Cyber Attack: Reports
SANS Institute: Top 5 dangerous cyberattack techniques in 2024 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.