Hackers managed to steal millions of social security numbers by hacking into the networks of large US data brokers. Many famous names, including US First Lady Michelle Obama, were exposed to the attack.

An investigation was done by the FBI and US Secret Service, aided by the journalist Brian Krebs. What they discovered was that hackers were running an online market for confidential data. They obtained data by cracking computers that were on the data broker’s corporate networks.

Michelle Obama

It started back in March, when it was found that a website named exposed.su was getting hold of social security numbers and personal information of famous Americans including Bill Gates, Beyonce Knowles, Jay-Z and Ashton Kutcher, to name a few.

Exposed.su was obtaining its information from another site called SSNDOB, which was selling data records of individuals for 50 cents. It is thought that around four million Americans have been affected.

Krebs reported in early summer of this year that the site SSNDOB had actually been attacked and its database stolen, copied and shared.

After further investigation by Krebs and forensic computer expert Alex Holden of Hold Security, it was found that the ID data that had been sold came from machines on the internal networks of LexisNexis, Dun & Bradstreet and Kroll. The hackers were actually able to run their own queries about individuals through the databases of these firms.

“All three victim companies said they are working with federal authorities and third-party forensics firms in the early stages of determining how far the breaches extend,” wrote Krebs on his blog.

LexisNexis issued a statement denying that its information was exposed.

“To date [we] have found no evidence that customer or consumer data were reached or retrieved,” said the statement.

The FBI has confirmed that it is investigating the breaches discovered by Krebs but so far no other details have been released.

[Image via SF Examiner]

SOURCE: http://www.bbc.co.uk/news/technology-24284277