230 Million Records Belonging to US Citizens for Sale on Database Sharing Platform

###### Category Adversary Intelligence
###### Affected Industries Unknown
###### Affected Region(s) US
###### Data Fields Email Address, Mobile number, Address, Income

Discovery of the Leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a surface web database marketplace advertising 230 million records belonging to US citizens.

The post was published on 22 April 2021. The poster claims that the 263 GB file contains 59 million unique email addresses and highlights that the dump does not contain any passwords.

[Image: post shared by the threat actor]

Contents of the Leak

The leaked database contains the following data fields:

  • HH_ID
  • ID
  • First_Name_01
  • Alphafirstname_sort
  • Phonetic_First_Name
  • Middle_Name_01
  • Last_Name_01
  • Alphalastname_sort
  • Phonetic_Last_Name
  • Address
  • Alphaaddress_sort
  • City
  • CITY_PHRASE
  • Alphacity_sort
  • Cities

The 59 million unique email addresses in the database are distributed across the following domains:

[Image: distribution of the unique email addresses by domain]

Data Verification and Validation

The sample data is still being validated. Multiple other actors on the forum have claimed that this data comes from the SolarWinds attack, but that claim has not been verified.

Another threat actor has posted a thread advertising SolarWinds/NSA data, and the data schema in that post matches the original poster’s. However, the original threat actor has denied these claims, calling them conspiracies. A matching schema only shows that the two posts share a source format; it does not establish that either dataset originates from SolarWinds.
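The checks described above (deduplicating the advertised email addresses, tallying their domain distribution, confirming that no password column is present, and comparing the header schema of two posted samples) are the kind of triage an analyst runs on a leak sample. The script below is an added illustration, not CloudSEK’s tooling or code from the posts. It runs on a constructed sample that reuses the column names listed on the page; the `Email` column name is an assumption, since the page says the dump contains email addresses but does not show the header for them.

```python
import csv
import io
from collections import Counter

# Constructed sample in the shape of the advertised dump. Column names are the
# ones listed on the page; "Email" is an assumed header (not shown on the page).
SAMPLE_A = """HH_ID,ID,First_Name_01,Last_Name_01,Address,City,Email
1,101,Alice,Smith,1 Main St,Springfield,alice@example.com
1,102,Bob,Smith,1 Main St,Springfield,BOB@Example.com
2,103,Carol,Jones,2 Oak Ave,Shelbyville,carol@example.org
3,104,Dan,Brown,3 Elm Rd,Capital City,alice@example.com
4,105,Eve,White,4 Pine Ln,Ogdenville,
"""

# Second constructed sample standing in for the other actor's post, whose
# schema (header) is reported to match the original poster's.
SAMPLE_B = """HH_ID,ID,First_Name_01,Last_Name_01,Address,City,Email
9,901,Frank,Green,9 Birch Ct,North Haverbrook,frank@example.net
"""

# Substrings that usually mark a credential column in a dump header.
PASSWORD_HINTS = ("pass", "pwd", "hash", "secret")


def load_rows(text):
    """Parse a CSV sample into a list of dicts keyed by header name."""
    return list(csv.DictReader(io.StringIO(text)))


def schema(text):
    """Return the header of a CSV sample as a tuple of column names."""
    reader = csv.DictReader(io.StringIO(text))
    return tuple(reader.fieldnames or ())


def schemas_match(text_a, text_b):
    """True when two samples share the same column names in the same order."""
    return schema(text_a) == schema(text_b)


def password_columns(text):
    """List header columns that look like they hold passwords or hashes."""
    return [c for c in schema(text) if any(h in c.lower() for h in PASSWORD_HINTS)]


def unique_emails(rows, field="Email"):
    """Case-insensitive set of non-empty addresses; rows without '@' are skipped."""
    seen = set()
    for row in rows:
        addr = (row.get(field) or "").strip().lower()
        if "@" in addr:
            seen.add(addr)
    return seen


def domain_distribution(emails):
    """Count unique addresses per domain (the part after the last '@')."""
    return Counter(addr.rsplit("@", 1)[1] for addr in emails)


def triage(text, field="Email"):
    """Summarise a sample: row count, unique emails, domains, credential columns."""
    rows = load_rows(text)
    emails = unique_emails(rows, field)
    return {
        "rows": len(rows),
        "unique_emails": len(emails),
        "domains": domain_distribution(emails),
        "password_columns": password_columns(text),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_A))
    print("schema matches second sample:", schemas_match(SAMPLE_A, SAMPLE_B))
```

On the constructed sample, five rows collapse to three unique addresses (one duplicate, one differing only in case, one empty), which is the same gap the poster describes between 230 million records and 59 million unique emails. The header check is deliberately coarse: a matching schema is evidence of a shared format, nothing more.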
