One of the most active sellers of Social Security numbers, background information and credit reports in the cybercrime underground has accessed data from hacked accounts at the US consumer data broker USinfoSearchKrebsOnSecurity learned.
A service advertised on Telegram has been accessed since at least February 2023 USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report of virtually any American. For prices ranging from $8 to $40, paid via virtual currency, the bot automatically provides detailed consumer background reports in moments.
USiSLookups is the project of a cybercriminal who uses the nicknames JackieChan/USInfoSearchand the Telegram channel for this service offers a small number of sample background reports, including that of President Joe Bidenand podcasters Joe Rogan. Data in these reports includes the individual's date of birth, address, previous addresses, previous telephone numbers and employers, known relatives and co-workers, and driver's license information.
JackieChan's service misappropriates the name and trademarks of the Columbus, Ohio-based data broker USinfoSearchits website states that it provides “identity and background information to assist with risk management, fraud prevention, identity and age verification, skip tracing and more.”
“We specialize in non-FCRA data from numerous proprietary sources to give you the information you need, when you need it,” the company says on its website. “Our services include API-based access for those integrating data into their product or application, as well as bulk and batch processing of datasets for each customer.”
Luckily, my report was also listed on this identity fraud service's Telegram channel, presumably as a teaser for potential customers. On October 19, 2023, KrebsOnSecurity shared a copy of this file with the real USinfoSearch along with a request for information about the origin of the data.
USinfoSearch said it would investigate the report, which appears to have been received on or before June 30, 2023. On November 9, 2023 Scott HostettlerGeneral Manager of the parent company USinfoSearch Martin Data LLC shared a written statement about its investigation, which indicated that the identity theft service attempted to pass off someone else's consumer data as coming from USinfoSearch:
In light of the Telegram incident, we understand the importance of protecting sensitive information and maintaining the trust of our users is our top priority. Any allegation that we have shared data with criminals is in direct contradiction to our core principles and the safeguards we have in place and continually monitor to prevent unauthorized disclosure. Because Martin Data is known for its high quality data, thieves can steal data from other sources and then disguise it as our data. Although we take appropriate security measures to ensure that our information is only accessible to those who are legally permitted to do so, unauthorized persons will continue to attempt to access our information. Fortunately, the requirements required to pass our certification process are high, even for established, honest companies.
USinfoSearch's statement did not answer questions for the company, such as whether multi-factor authentication is required for customer accounts or whether my report actually came from USinfoSearch's systems.
After much back and forth, Hostettler admitted on November 21 that the identity fraud service USinfoSearch on Telegram had indeed obtained data from an account belonging to a verified USinfoSearch customer.
“I know 100% that my company did not provide access to the group that created the bots, but they did gain access to a customer,” Hostettler said of the Telegram-based identity fraud service. “I apologize for any inconvenience this may cause.”
Hostettler said USinfoSearch thoroughly vets all new potential customers and all users are required to undergo a background check and provide certain documents. Still, he said, several fraudsters each month pose as credible business owners or C-level executives during the accreditation process by filling out the application and providing the necessary documentation to open a new account.
“The level of skill and craftsmanship that went into creating these receipts is incredible,” said Hostettler. “The numerous licenses provided appear to be exact replicas of the original document. Luckily, I discovered several verification methods that don’t just rely on these documents to catch the scammers.”
“These people are relentless and act without regard for the consequences,” Hostettler continued. “After I deny them access, they will contact us again within the week with the same credentials. In the past, I have notified both the person whose identity was used fraudulently and the local police. Both are hesitant to act because nothing can be done to the perpetrator if he is not caught. This is where the greatest attention is required.” Read more
Comments are closed.