{"id":25236,"date":"2024-09-23T13:10:08","date_gmt":"2024-09-23T21:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/09\/23\/news-18966\/"},"modified":"2024-09-23T13:10:08","modified_gmt":"2024-09-23T21:10:08","slug":"news-18966","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/09\/23\/news-18966\/","title":{"rendered":"100 million+ US citizens have records leaked by background check service"},"content":{"rendered":"\n<p>A background check left a huge database unprotected online containing 2.2TB of people&#8217;s data, according to research by <a href=\"https:\/\/cybernews.com\/security\/us-mc2-background-check-data-leak\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cybernews<\/a>.<\/p>\n<p>The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, work at their firm, or be granted a loan.<\/p>\n<p>The data is usually gathered from online sources like criminal records, employment history, family data, and contact details.<\/p>\n<p>Just like the huge <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/08\/national-public-data-leaked-passwords-online\">National Public Data breach<\/a>, this is another example of companies that most of us have never heard having extensive databases with an enormous amount of personal data. In this case, the researchers found 106,316,633 records containing private information about US citizens.<\/p>\n<p>Cybernews estimates that at least 100 million individuals are affected, meaning approximately one in three US citizens can expect to find their data in the data set.<\/p>\n<p>The websites that MC2 Data operates include:<\/p>\n<ul>\n<li>PrivateRecords<\/li>\n<li>PrivateReports<\/li>\n<li>PeopleSearcher<\/li>\n<li>ThePeopleSearchers<\/li>\n<li>PeopleSearchUSA<\/li>\n<\/ul>\n<p>And the leaked data included:<\/p>\n<ul>\n<li>Names<\/li>\n<li>Emails<\/li>\n<li>IP addresses<\/li>\n<li>User agents<\/li>\n<li>Encrypted passwords<\/li>\n<li>Partial payment information<\/li>\n<li>Home addresses<\/li>\n<li>Dates of birth<\/li>\n<li>Phone numbers<\/li>\n<li>Property records<\/li>\n<li>Legal records<\/li>\n<li>Property records<\/li>\n<li>Family, relatives, neighbors data<\/li>\n<li>Employment history<\/li>\n<\/ul>\n<p>To make things even worse, the data of 2,319,873 users who subscribed to MC2 Data services were leaked as well.<\/p>\n<p>It is incomprehensible that services like these are allowed to exist without any kind of control or sense of responsibility. Regardless of all the regulations and laws these companies need to abide by, we find time and again that their security measures are below par.<\/p>\n<p>As the researchers put it:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cWhile background-check services keep trying to prevent such cases, they haven&#8217;t been able to stop such use of their services completely. Such a leak is a goldmine for cybercriminals as it eases access and reduces risk for them, allowing them to misuse these detailed reports more effectively.\u201d<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-after-a-data-breach\">Protecting yourself after a data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor\u2019s advice.<\/strong>&nbsp;Every breach is different, so check with the vendor to find out what\u2019s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong>&nbsp;You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\" rel=\"noreferrer noopener\">strong password<\/a>&nbsp;that you don\u2019t use for anything else. Better yet, let a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong>&nbsp;If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong>&nbsp;The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the&nbsp;identity of anyone who contacts you&nbsp;using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong>&nbsp;Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Consider not storing your card details<\/strong>. It\u2019s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.<\/li>\n<li><strong>Set up identity monitoring.<\/strong>&nbsp;<a href=\"https:\/\/go.cyrus.app\/MN4j\/fkkekmw9\" target=\"_blank\" rel=\"noreferrer noopener\">Identity monitoring<\/a>&nbsp;alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\"><strong>Check your digital footprint<\/strong><\/h2>\n<p>If you want to find out what personal data of yours has been exposed online, you can use our&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>. Fill in the email address you\u2019re curious about (it\u2019s best to submit the one you most frequently use) and we\u2019ll send you a free report.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identity<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family&#8217;s\u2014personal information by using <a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">identity protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/09\/100-million-us-citizens-have-records-leaked-by-background-check-service\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> A background check service called MC2 Data has leaked information of over 100 million US citizens in an unprotected online database. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[31936,31937,31938,32,5897],"class_list":["post-25236","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-background-check","tag-data-scraper","tag-mc2-data","tag-news","tag-privacy"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25236"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25236\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}