Month: August 2024

Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023.

Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.

Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company’s website, and that the site is slated to cease operations “in the next week or so.” “Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords,” Verini told KrebsOnSecurity. “Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative.” The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com’s homepage features a positive testimonial from Sal Verini.

Read more of this story at Slashdot.

Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023.

Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.

Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company’s website, and that the site is slated to cease operations “in the next week or so.” “Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords,” Verini told KrebsOnSecurity. “Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative.” The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com’s homepage features a positive testimonial from Sal Verini.

Read more of this story at Slashdot.

Read More 

Waymo has unveiled its sixth-generation robotaxi, an electric minivan made by Chinese automaker Zeekr. While the company claims it’s more advanced than previous generations, it features fewer sensors to help reduce costs. The Verge reports: [W]ithin its high-powered computer, it contains all the learnings of the previous five generations of Waymo’s autonomous vehicles, meaning it won’t have to do as much real-world testing as past models before it can be rolled out to the public. But looming over Waymo’s assertion that its new robotaxi will be cheaper to produce is the possibility that it could also be subject to costly new tariffs against Chinese-made electric vehicles. Earlier this year, the Biden administration said it would quadruple tariffs on EVs from China to 100 percent, from the current 25 percent, as a way to “protect American workers and American companies from China’s unfair trade practices.” […]

Waymo says the sixth-gen robotaxi will feature a streamlined sensor suite of “16 cameras, 5 lidar, 6 radar, and an array of external audio receivers (EARs).” These sensors will help provide “overlapping fields of view, all around the vehicle, up to 500 meters away, day and night, and in a range of weather conditions.” That’s the equivalent of over five football fields of visible range. Waymo’s use of multiple sensors is important for redundancy, in which multiple sensors and cameras can ensure the vehicle can continue to detect and respond to its surroundings if something fails. It’s unclear where and when the new sixth-gen robotaxis will first appear. “Waymo currently operates in Phoenix, San Francisco, and Los Angeles, with plans to launch commercial service in Austin, Texas,” notes the report. “The company has been manually testing the Zeekr-made minivans on public roads, with the goal of adding them to its commercial fleet sometime soon.”

Read more of this story at Slashdot.

Waymo has unveiled its sixth-generation robotaxi, an electric minivan made by Chinese automaker Zeekr. While the company claims it’s more advanced than previous generations, it features fewer sensors to help reduce costs. The Verge reports: [W]ithin its high-powered computer, it contains all the learnings of the previous five generations of Waymo’s autonomous vehicles, meaning it won’t have to do as much real-world testing as past models before it can be rolled out to the public. But looming over Waymo’s assertion that its new robotaxi will be cheaper to produce is the possibility that it could also be subject to costly new tariffs against Chinese-made electric vehicles. Earlier this year, the Biden administration said it would quadruple tariffs on EVs from China to 100 percent, from the current 25 percent, as a way to “protect American workers and American companies from China’s unfair trade practices.” […]

Waymo says the sixth-gen robotaxi will feature a streamlined sensor suite of “16 cameras, 5 lidar, 6 radar, and an array of external audio receivers (EARs).” These sensors will help provide “overlapping fields of view, all around the vehicle, up to 500 meters away, day and night, and in a range of weather conditions.” That’s the equivalent of over five football fields of visible range. Waymo’s use of multiple sensors is important for redundancy, in which multiple sensors and cameras can ensure the vehicle can continue to detect and respond to its surroundings if something fails. It’s unclear where and when the new sixth-gen robotaxis will first appear. “Waymo currently operates in Phoenix, San Francisco, and Los Angeles, with plans to launch commercial service in Austin, Texas,” notes the report. “The company has been manually testing the Zeekr-made minivans on public roads, with the goal of adding them to its commercial fleet sometime soon.”

Read more of this story at Slashdot.

Read More