New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vector of Attack 

In recent months, the National Public Data (NPD) breach has been a topic of intense scrutiny, with cybersecurity experts like Brian Krebs highlighting the poor security practices that contributed to the breach’s magnitude. As we continue to analyze the aftermath, new findings have come to light that underscore the dangers posed by inadequate security measures and the rising threat of infostealer malware as a vector of attack.

New Findings: Malware Infections and Shared Credentials

Our latest investigation into the NPD breach has uncovered two instances of malware infostealer infections associated with the site recordscheck.net, which raise serious concerns about the security of the affected infrastructure.

Infection #1: Shared Credentials or Compromised Systems?

The first case involves a user named Sal Verini, whose email and username were found alongside numerous credentials from creationnext.com. This overlap suggests two possible scenarios:

  • Shared System Usage: Sal may have used the same computer as someone from creationnext.com, leading to a potential cross-contamination of credentials.
  • Credential Sharing: Alternatively, Sal may have shared his credentials with someone at creationnext, raising the risk of unauthorized access.

Both scenarios point to poor security practices that could easily be exploited by attackers, leading to significant data breaches.

2. Infection #2: Weak Security and Admin account exposure

The second instance is even more alarming. It involves a user named “admin” who was using one of the most simple passwords possible — “passw***”—a glaring example of weak security. Looking at the autofill data, this account appears to be linked to Thomas S, a young independent Software Developer in Togo. The infection date was recorded as of May 26, 2023.

Were these infections the vector of attack to the NPD breach?

Recent breaches have increasingly been traced back to infostealer malware, which harvests credentials and other sensitive information from infected systems. These stolen credentials and cookies are then used to gain unauthorized access to networks, leading to data breaches and other cyber-attacks.

In the case of the NPD breach, it’s plausible that infostealer malware was the vector of attack. The presence of shared credentials and weak security practices only amplifies this risk, as attackers can use these stolen credentials to infiltrate systems and exfiltrate valuable data.

A Call for Better Security Practices

The NPD breach serves as a stark reminder of the importance of robust security practices. The use of weak passwords, sharing of credentials, and reliance on autofill features are all practices that can lead to catastrophic breaches. Organizations must prioritize security by implementing strong, unique passwords, minimizing the use of autofill for sensitive information, and regularly monitoring for signs of malware infections.