On April 22nd, 2021, a hacker going by the online handle of Pompompurin leaked a database containing personal and sensitive household data of over 250 million (250,807,711) American citizens and residents.
As seen by Hackread.com, the database was leaked on a prominent hacker forum and comprises 263 GB worth of records including 1,255 CSV subfiles each with 200,000 listings.
Although it is unclear who collected or owned the data, according to sources the leak came from an open Apache Solr instance hosted on Amazon Web Services. Additionally, the data was available on three different IP addresses, all of which were accessed by the hacker before being removed or reassigned by their owner.
What Hackread.com can confirm is that the leaked information is a treasure trove of data for cybercriminals and state-backed hackers. For instance:
- Full names
- Phone numbers
- Email addresses
- Date of birth
- Marital status
- House cost
- Home rent
- Home built year
- Credit capacity
- Home addresses
- Political affiliation
- Number of vehicles owned
- Salary and income details
- Number of pets in a house
- Number of children in a house
The only good news is that there are no passwords in the leak.
Extracted 263 GB worth of data (Image: Hackread.com)
Database on Russian hacker forums
In the week since the database was dumped online, Hackread.com has noticed that it is now being circulated on several Russian-speaking hacker forums as well as Telegram chat groups.
Given the ongoing diplomatic row between Russia and the United States over the SolarWinds hack, the leaked records are a treasure trove for malicious parties seeking data on American citizens.
Not for the first time
This, however, is not the first time a trove of sensitive household data of US citizens and residents has been leaked online. In June 2017, a marketing firm employed by the Republican National Committee accidentally exposed data belonging to 200 million US citizens.
In December 2017, a California-based data analytics firm exposed household data in which personal and sensitive details of 123 million Americans were leaked due to a misconfigured AWS bucket.
Threats to victims
The leaked records now pose a threat to victims’ online privacy as well as their physical security. While some can use the data to locate people, hackers and scammers can send phishing emails, carry out smishing (SMS phishing), or use the data to attempt SIM swapping or identity scams.
Therefore, watch out if you receive an email from an unknown party urging you to click on a link or log in to a website. Additionally, do not click on links sent via SMS.