A significant data breach has surfaced, involving MC2, a company that operates popular background-check websites like PrivateRecords.net and PeopleSearcher. Over 100 million Americans have been affected by this alarming data exposure, which left sensitive personal information unprotected and easily accessible online.
Unsecured Database Exposes 2.2TB of Data
Cybernews researchers discovered an unsecured MC2 database that contained 2.2 terabytes of personal data. This exposed information includes private records for over 100 million U.S. citizens. The database remained vulnerable and accessible on the internet without password protection, leading to a major privacy breach.
In addition to U.S. citizens’ data, approximately 2.3 million records belonging to MC2 Data’s subscribers were also compromised. Subscribers of the company’s background-check services, which are widely used by employers and landlords to verify personal information, were not spared in this security lapse.
A Recurring Issue for Background-Check Companies
The MC2 data breach comes on the heels of a similar incident earlier this year at National Public Data, another background-check provider. That breach exposed the personal data of nearly 3 billion individuals globally, highlighting ongoing vulnerabilities in the background-check industry.
The sensitive nature of the data handled by these services makes such breaches particularly damaging. MC2’s leak has exposed a wide range of personal and personally identifiable information (PII), including:
- Full names
- Email addresses
- Home addresses
- IP addresses
- User agents
- Encrypted passwords
- Partial payment information
- Dates of birth
- Phone numbers
- Property records
- Legal documents
- Employment history
- Family and neighbors’ data
Given the extensive details involved, the risks to privacy and safety for affected individuals are severe.
The Growing Risks of Data Misuse
Background-check services, which are intended to provide valuable information for employers, landlords, and other professionals, are increasingly becoming targets for cybercriminals. According to Cybernews security researcher Aras Nazarovas, cybercriminals often purchase data from such services to profile potential victims.
Nazarovas explains that these services, despite their efforts, haven’t been able to fully prevent misuse. In the case of the MC2 breach, cybercriminals now have easier access to a wealth of personal information, which could be exploited for various malicious purposes such as identity theft, fraud, or extortion. The consequences of such breaches can be far-reaching, not just for the individuals involved but also for the company responsible.
Discovery of MC2’s Exposed Database
The MC2 database was discovered on August 7th by Cybernews researchers. They identified that the database, containing vast amounts of sensitive information, was left unsecured and accessible to anyone on the internet. Despite repeated attempts to contact MC2 about the security flaw, Cybernews did not receive any response from the company.
However, the database was eventually secured, suggesting that MC2 may have taken action following the researchers’ discovery. It remains unclear whether any malicious actors gained access to the data before it was secured. As of now, there is no definitive evidence that the exposed data has been misused by cybercriminals, but the lack of response from MC2 raises concerns about the company’s accountability and transparency.
Consequences for Data Leaks and the Need for Better Protection
Incidents like this highlight the urgent need for stronger data protection measures in industries handling sensitive information. For MC2, the fallout from this breach could be extensive, involving potential regulatory action, civil lawsuits, and significant reputational damage. Background-check services that fail to protect their customers’ data may also face hefty fines under privacy laws, such as the GDPR and CCPA, if they operate in regions where these regulations apply.
In addition, affected individuals are at risk of privacy invasion, financial loss, and personal safety threats. A breach of this scale demands attention from both the public and regulatory bodies to ensure that companies like MC2 are held accountable for their negligence.
Securing Vulnerable Data: The Role of Technology
The MC2 breach underscores the critical importance of implementing security solutions to prevent unauthorized access to sensitive data. Companies can benefit from advanced scanning tools, such as Cyble’s ODIN scanner, which currently tracks thousands of exposed databases across platforms like AWS and Google Cloud. These tools provide early warnings about potential vulnerabilities, giving businesses a chance to address issues before they escalate into full-blown breaches.
In a world where data is one of the most valuable commodities, it is vital for organizations to prioritize the protection of personal information. The MC2 breach serves as a stark reminder of the potential risks when companies fail to safeguard their users’ data adequately.
Discover more from Open Security Labs
Subscribe to get the latest posts sent to your email.
