Privacy News Hacker Puts 9.3 Million Records Up for Sale from Healthcare Insurance Company

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
TheDarkOverlord, a hacker who put over 650,000 patient records up for sale yesterday, has published a new listing he claims contains the database dump of a US healthcare insurance provider, which holds details on 9,278,352 Americans.

He is selling the data for 750 Bitcoin (~$490,000) on The Real Deal, a Dark Web marketplace where different hackers have converged lately to sell such data dumps.

The listing's high price can be justified by the hacker's promise to sell the data only to one client.

Database is 2 GB in size, contains 9,278,352 records
According to the listing, the database seems to contain user details such as first name, last name, address, city, state, ZIP code, email address, home and cell phone numbers, dates of birth, and Social Security numbers.

The hacker previously put up three other databases for sale, which he claims to have stolen from three other healthcare organizations across the US.

TheDarkOverlord is selling a database of 47,864 records from a healthcare organization from Farmington, Missouri; 207,572 records from an organization from the Central/Midwest US; and 396,458 records from a healthcare organization from Atlanta, Georgia.

All databases have a similarly high price and are also sold as exclusives to the first buyer. Currently, the listings are still up for sale.

Hacker claims he used RDP zero-day to hack healthcare organization
Just like with yesterday's listings, the hacker is claiming to have breached the healthcare insurer using a zero-day in the RDP (Remote Desktop Protocol).

"This product is an extremely large database in plaintext from a large insurance healthcare organization in the United States," the hacker writes in his listing. "It was retrieved using a 0day within the RDP protocol that gave direct access to this sensitive information."

It is unclear if it's an older zero-day that's already fixed, but the organization didn't patch its systems, or a new zero-day, which the RDP project does not know about.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Who will dare to buy a piece of records when prices is ridiculous?

I understand the efforts however worse compare to ransom where even authorities paid up for the sake to decrypt files.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top