250 Million Americans Sensitive Data Leaked Online by Pompompurin

As of 22nd April 2021, a Pompompurin named hacker group dropped a database of more than 250 (250,806,711) million American citizens and residents which included their personal and sensitive household information. 

The database that was published on a popular hacker forum, included 263 GB of documents, each with 200,000 CSV subfiles. Although the origin of the leak comes from open Apache SOLR on Amazon Web Server, it is not clear who obtained or managed the data. Besides, three separate IP addresses were made accessible for the data which is something the hacker obtained before its owner disabled or reassigned them. 

The stolen information is nothing short of a treasure trove for cybercriminals and state-supported hackers as it contained massive amounts of information such as full names, telephone numbers, mailing addresses, DOB, Status of marriage, home developed year, Zip code, gender, house rental, home address, credit capability, political participation, number of proprietary cars, details on wages and taxes, number of domestic animals, children’s numbers in a home. However, the leak didn’t contain any passwords. 

After the database had been leaked online for a whole week, it was then exposed alongside Telegram chat groups on even several Russian-speaking hacker forums. 

The leaked documents are a treasure trove among malicious people looking for US civilians based on the ongoing diplomatic line-up between Russia and the United States over the SolarWinds hack. 

Moreover, this is not the first instance that US people and residents have been unveiled with a collection of confidential household data online. Data of 200 million people from the US was mistakenly disclosed by a marketing agency in June 2017. Further in December 2017, a data analytics company based in California revealed household data, in which 123 million Americans were compromised due to an AWS bucket that was not properly installed. 

The leaked documents now constitute a threat to the confidentiality and physical protection of victims online. Although some may use the data to find people, hackers and scammers may send phishing emails, SMS, and use the data to try SIM swapping or other identity frauds. However, if an unknown party sends users an email emphasizing clicking on a connection or logging in then they must not click on the links sent as Text messaging.