June 28, 2016 update: Same hacker, New Breach: Healthcare Insurer Database Of 9.3M Records is Up for sale!
When Paul Syverson, co-creator of the Tor web browser, said that Your Medical Records Have Bullseyes On Them, he probably meant this. According to what the hacker told us over an encrypted Jabber conversation, he used “an exploit in how companies use RDP. So it is a very particular bug. The conditions have to be very precise for it”.
The hacker provided DeepDotWeb with exclusive images of the largest database hack from their internal network. He made sure to redact all the identifiable information “so the target company can remain anonymous for now”:
The hacker, called thedarkoverlord (trdealmgn4uvm42g.onion/profile/32184) and operating on TheRealDeal market, is offering to sell a unique one-off copy of each of the three databases, which range in price from 151BTC (~$100,000) to 607BTC (~$395,000):
- Healthcare Database (48,000 Patients) from Farmington, Missouri, United States (June 29th update: this was later named as Midwest Orthopedic Clinic) – “a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext usernames and passwords”
- Healthcare Database (210,000 Patients) from Central/Midwest United States – “a very large database in plaintext from a healthcare organization in the Central/Midwest United States. It was retrieved from a severely misconfigured network using readily available plaintext usernames and passwords.”
- Healthcare Database (397,000 Patients) from Georgia, United States – “a very large database in plaintext from a healthcare organization in the state of Georgia. It was retrieved from an accessible internal network using readily available plaintext usernames and passwords.”
The hacker himself requested to add a note to the breached companies:
Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.
We will be following and updating.