J.D. Lowry Computer Service

Site hosting leaked celebrity data goes offline Not before leaking alleged credit report and personal information of CIA director John Brennan . » Add a comment By Lucian Constantin March 18, 2013 — IDG News Service — A site that published the private information and credit reports of several celebrities and other public figures last week went offline on Sunday. The last person to have his alleged private information exposed on the site was CIA director John Brennan.

Called "Exposed.su," the site was used by hackers last week to leak the addresses, birth dates, Social Security numbers and in some cases the credit reports of politicians, businessmen and celebrities, including former U.S. Secretary of State Hillary Clinton, U.S. First Lady Michelle Obama, U.S. Vice President Joe Biden, U.S. Attorney General Eric Holder, FBI Director Robert Mueller, Donald Trump, Bill Gates, Jay Z, Hulk Hogan, Paris Hilton and others.

On Friday the site published the supposed Social Security number, birth date, phone numbers, current and former addresses, as well as the personal credit report of CIA director John Brennan.

After the site went offline, many pages containing the leaked private information disappeared from Google's cache. However, cached versions of some of them, including those corresponding to Brennan, are still available for viewing through Microsoft's Bing search engine.

Last week, Exposed.su was using the global content delivery network of a San Francisco-based company called CloudFlare to stay online. The domain name still points to CloudFlare's name servers, but it's not clear if the current outage is the result of the U.S. company deciding to terminate its service for the site.

CloudFlare did not immediately respond to a request for comment sent Monday.

A spokesman for Equifax, one of the three main U.S. credit-rating agencies, said last week that the source for the leaked credit reports appears to have been "Annualcreditreport.com," a website that allows consumers to download free copies of their credit reports. The FBI is currently investigating the breach.

After Exposed.su went down on Sunday, some people tried to set up a copy at crimeopen.com. At the moment, the Web server behind that site responds with a "404 Not Found" error.

Bill Gates's social security number, address, credit report and more... published by hackers Join thousands of others, and sign up for Naked Security's newsletter

by Graham Cluley on March 14, 2013 | Leave a comment Filed Under: Celebrities, Featured, Hacked, Microsoft, Privacy

Bill Gates is the latest celebrity to have had his personal information published on a website that has exposed the social security numbers, addresses and personal financial information of a number of people in the public eye.

As with the leak earlier this week of personal data belonging to - amongst others - the likes of Kim Kardashian, Michelle Obama, and Beyoncé, it appears that the private information has been sourced from a trio of credit reporting companies - Experian, Equifax and TransUnion.

Although the FBI are said to be investigating who is behind the "Secret Files" website, it is currently still accessible.

And whoever is behind the mystery website has been busy continuing to update it - with personal information of more public figures including Mitt Romney, Tiger Woods, and R Kelly as well as the founder of Microsoft.

What still isn't clear is just how unauthorised parties managed to fraudulently access the records of well-known figures without authorisation.

One theory is that those behind the website were able to gather information on the internet about the celebrities, and then use that data to successfully impersonate their targets and access the credit histories.

No doubt, in time, we'll find out. But how many more celebrities will find themselves doxed in the meantime?

by Graham Cluley on March 12, 2013 | 7 Comments Filed Under: Celebrities, Featured, Hacked, Law & order, Privacy

What connects Kim Kardashian, US Vice President Joe Biden, Hillary Clinton, Mel Gibson, Michelle Obama, Ashton Kutcher, Jay Z, Beyoncé, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump and Arnold Schwarzenegger?

They, and other public figures, appear to have had their personal information and credit reports (including social security numbers, details of their mortgages, addresses, and details of their credit card and banking details) published by a group of hackers on a new website.

Clearly alarm bells have rung about the danger of identity theft.

And do you know what the hackers did to really rub the authorities nose in it?

They included in their list of victims the head of the Los Angeles police force Charlie Beck and FBI Director Robert Mueller.

The Secret Files - "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve."

This isn't the kind of data we normally see leaked out onto the internet about celebrities. It's become more common to see hackers steal nude photos of Scarlett Johansson or Carley Rae Jepsen and publish them on the net to embarrass celebrities.

Well, the credit reports and social security numbers of public figures may not be as likely to catch the attention of the tabloids as leaked nude pics, but is nonetheless still a concern for those who have fallen victim.

The obvious question is - who is behind the website?

Frankly, there's not much to go on.

We have seen two tweets written in Russian from an account which appears to be associated with the site, and the words on the newly created website itself.

It looks as though the hackers have been adding more stolen personal information to the site over time, which might suggest that there could still be more to come.

The nature of the content - names, social security numbers, previous addresses, dates of birth, etc - suggest that a credit agency might have been compromised in some fashion. Whether an agency was actually hacked, compromised in some other fashion, or whether an insider within the organization leaked the data, is impossible to say at this point.

We shouldn't also be too quick to conclude that just because the web address (which we are choosing not to repeat here) ends in .su, or the language used in the tweets is Russian, that the hackers come from that part of the world.

After all, it could be a deliberate smokescreen by the hackers to send investigators off the trail.

One word of caution - websites claiming to contain private information about celebrities are likely to receive a lot of traffic from curious members of the public, and some in the media may publish the web address.

Computer users, however, should be extremely careful about visiting such sites. After all, it would be trivial to plant a boobytrapped PDF on the site designed to infect visiting computers.

Over the last year or two we have seen many dangerous and cybercriminal websites switch from using .ru addresses to .su - where they are less closely regulated.

Update: Equifax and TransUnion say hackers stole celebrity reports