ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

neub9
By neub9
3 Min Read

USiSLookups Cybercriminal Exploits USinfoSearch Data

One of the most active sellers of Social Security numbers, background, and credit reports in the cybercrime underground has been utilizing data from hacked accounts at the U.S. consumer data broker USinfoSearch, according to findings by KrebsOnSecurity.

Since at least February 2023, an automated bot service named USiSLookups has been operating on Telegram, offering Social Security numbers and background reports for prices ranging from $8 to $40, payable via virtual currency. The bot can quickly and automatically return detailed consumer background reports for virtually any American.

USiSLookups is run by a cybercriminal using the aliases JackieChan/USInfoSearch. The Telegram channel for this service features a small number of sample background reports, including those of President Joe Biden and podcaster Joe Rogan. The data in these reports includes the subject’s date of birth, address, previous addresses, previous phone numbers and employers, known relatives and associates, and driver’s license information.

This service abuses the name and trademarks of USinfoSearch, which says it provides “identity and background information to assist with risk management, fraud prevention, identity and age verification, skip tracing, and more.” The company’s website explains that it specializes in non-FCRA data from numerous proprietary sources to deliver the information customers need.

KrebsOnSecurity shared a copy of the data involved with USinfoSearch, who later found the data to have been obtained on or before June 30, 2023. USinfoSearch parent company Martin Data LLC has stated that the identity fraud service was accessing data from an account belonging to a vetted client, rather than directly from USinfoSearch. The company heavily vets new clients, but acknowledges that fraudsters can be very skilled at impersonating credible business owners or executives.

In addition to abusing stolen API credentials for the real USinfoSearch, JackieChan also sells access to hacked email accounts belonging to law enforcement personnel in the United States and abroad. These hacked email accounts can be used by identity thieves to pose as law enforcement officials seeking consumer data through fraudulent “Emergency Data Requests.”

In response to an increase in fraudulent Emergency Data Requests, service providers have implemented systems such as Kodex to filter requests and verify the authenticity of law enforcement credentials and requests.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *