Second data broker platform affiliated to National Public Data leaks admin credentials

The breach of National Public Data which supposedly exposed 2.9 billion individuals is exacerbated by a data leak of another data broker affiliated with NPD.

A zip file named "members.zip" was freely available on a sister NPD website (RecordsCheck.net) and contained the source code, usernames, and passwords in plain text, some of which were shared across multiple services. The exposed credentials matched those from previous breaches involving accounts tied to NPD’s founder, Salvatore "Sal" Verini. Verini confirmed that the file had been removed and claimed the site will cease operations soon.

The exposed RecordsCheck archive was created by a Pakistani development firm, CreationNext.com, which was responsible for setting up the RecordsCheck site. The same firm has been linked to other potentially vulnerable systems connected to the breach.

The leaked data is already circulating through cybercriminal networks, which often rely on compromised accounts from brokers that supply law enforcement and private investigators.