A hacker who claims to have obtained more than ten million health records is selling the data to the highest bidder on the dark web.
The seller, who goes by the name "thedarkoverlord" began listing the data over the weekend, but could not be immediately contacted on Monday.
The largest batch of data, which the seller claims to contain a little over 9.2 million health insurance records from US patients, is on sale for 750 bitcoins. At Monday's rate, that's about $486,000. The data includes names, addresses, emails, phone numbers, dates of birth and social security numbers.
(Screenshot: ZDNet/CBS Interactive)
We couldn't verify the authenticity of the data contained in the seller's ad. The seller did not have any points to their name, unlike other known hackers, indicating that they are new to the site. News site Motherboard contacted some users who confirmed that their data was in a sample that was received.
Badly configured software used on thousands of machines can let hackers into thousands of machines.
The hacker said the data was stolen by exploiting an disclosed zero-day flaw in the remote desktop protocol (RDP), which can allow a user to remotely view another user's desktop.
It's not all that surprising, given that earlier this year a hacker exposed thousands of insecure desktops that anyone can remotely view, thanks to poorly-configured remote desktop software. In one case, we were able to see a computer used in a pediatricians's office, which contained personal details on hundreds of patients.
Another batch of data includes 207,000 records from an unnamed healthcare organization in the US midwest region, on sale for 170 bitcoins (about $110,100 at the time of writing).
The seller also claims to have close to 397,000 records from members in Atlanta, Georgia -- most of which are from Blue Cross Blue Shield and United Healthcare, which is being sold for 300 bitcoin (or about $194,000).
About the Author
0 comments: