Major 'National Public Data' Leak Worse Than Expected With Passwords Stored in Plain Text - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Major 'National Public Data' Leak Worse Than Expected With Passwords Stored in Plain Text

by

Earlier this month, data broker National Public Data (NPD) announced that there had been a major data breach that saw hackers obtain millions of names, email addresses, phone numbers, social security numbers, and mailing addresses stored in its database. NPD is a company that does employee background checks, aggregating public data from numerous sources and selling it.

apple security banner
NPD's security was clearly lacking to allow for the breach in the first place, but a new report from KrebsOnSecurity suggests that an NPD sister site made an even more grievous error, hosting an easily accessible plaintext archive with usernames and passwords.

RecordsCheck.net, a site affiliated with NPD that hosts much of the same information, had a "members.zip" file that was downloadable until yesterday. It had source code and plain text usernames and passwords for RecordsCheck users, including logins belonging to NPD's founder, Salvatore Verini. The logins that were made available through RecordsCheck allowed access to the same data that was available via NPD.

After being alerted by KrebsOnSecurity, RecordsCheck removed the file, and NPD is shutting down the site, according to Verini. He told the KrebsOnSecurity that the file had an "old version of the site with non-working code and passwords."

There are websites that are available to see if your information was leaked in the NPD breach, and it is advisable to lock down your credit.

The NPD leak included decades of information, including data from people who are now deceased. 137 million email addresses were leaked, as were 272 million social security numbers. A lawsuit has since been filed against NPD.

Popular Stories

iOS 27 on iPhone 17 1

iOS 27 Will Add These New Features to Your iPhone

Saturday May 2, 2026 8:43 am PDT by
Apple is expected to unveil iOS 27 during its WWDC 2026 keynote on June 8, and there are already many rumored features and changes for iPhones. The first developer beta of iOS 27 will likely be available immediately following the keynote, and a public beta typically follows in July. Following beta testing, the software update should be released to all users with a compatible iPhone in...
Read Full Article94 comments
Apple Event Logo

Apple Just Released a New Accessory

Monday May 4, 2026 8:13 am PDT by
Apple today released a new Pride Edition Sport Loop for the Apple Watch. The band features a rainbow design with 11 colors of woven nylon yarns. The new Pride Edition Sport Loop is available to order now on Apple.com and in the Apple Store app in 40mm, 42mm, and 46mm sizes, and it will be available at Apple Store locations starting later this week. In the U.S., the band costs $49. There...
Read Full Article
Apple MacBook Pro M4 hero

Why You Might Want to Wait to Buy a MacBook Pro

Friday May 1, 2026 3:43 pm PDT by
Apple refreshed the 14-inch and 16-inch MacBook Pro with M5 Pro and M5 Max models in March 2026, but depending on your needs and interests, you might want to skip this generation because there's something better in the works. The M5 Pro and M5 Max MacBook Pro models have faster chips, but the same design that Apple has used since 2021. An updated design with new display technology and faster ...
Read Full Article178 comments

Top Rated Comments

I
icanhazmac
22 months ago

These companies need to be held accountable when things like this happen. They should be fined millions, and all leadership should be [S]replaced[/S] criminally charged immediately.
I made your comment better... at least in my opinion.
Score: 70 Votes (Like | Disagree)
ThailandToo Avatar
ThailandToo
22 months ago
This is why the USA needs laws for protection like the EU has…
Score: 54 Votes (Like | Disagree)
DMG35 Avatar
DMG35
22 months ago
These companies need to be held accountable when things like this happen. They should be fined millions, and all leadership should be replaced immediately.
Score: 45 Votes (Like | Disagree)
S
subjonas
22 months ago
This is why I never have and never will use the internet.
Score: 33 Votes (Like | Disagree)
P
PhantomStar
22 months ago
The DOJ should be pursuing criminal charges if not financial as well, to send a message to other data brokers on their relaxed security. In addition proper legislation needs to be enacted to prevent such mass collection without any proper protocols enforced which currently does not exist.
Score: 28 Votes (Like | Disagree)
routine_analyst Avatar
routine_analyst
22 months ago
Amazing how often our data is stolen and yet no one is ever really held accountable to the full degree of the pain it inflicts on the victims. Free ID protection (for 6 months) and "How to not have my identity stolen" classes don't cut it. The companies responsible for this should have never been able to keep any of the data to begin with. Whether it's SSN and medical data or usernames and passwords, all stolen... something's gotta replace all this and IF there's ever a breech, those responsible for storing the data need to be held accountable.
Score: 26 Votes (Like | Disagree)
Read All Comments
Related Apple News: World News | South Africa | Iphone | Ipad | Local News