Millions of social security numbers were stolen by hackers from US data brokers earlier this year, an investigation has revealed.
US First Lady Michelle Obama and Microsoft mogul Bill Gates were two of those who had their ID details stolen. Many other celebrities were targeted, including Beyonce Knowles, Jay-Z and Ashton Kutcher.
Around four million American civilians had their records accessed via the site targeted by the hackers.
Journalist Brian Krebs, along with the FBI and US Secret Service, looked into how the exposed.su website got hold of the social security numbers of many high profile and famous Americans.
Krebs tracked the information back to hackers who ran an online market for confidential data by compromising computers sitting on the data brokers’ corporate networks.
Much of the information was purchased from a site called SSNDOB, which advertised itself as a market for private data on high profile people. It sold records for as little as 50 cents per individual.
Analysis of the SSNDOB database by Krebs and forensic computer expert Alex Holden, of Hold Security, revealed the ID data being sold had come from machines sitting on the internal networks of several American information aggregation firms. Compromised computers or systems at LexisNexis, Dun & Bradstreet and Kroll were all named by Krebs as the sources of the data.
"All three victim companies said they are working with federal authorities and third-party forensics firms in the early stages of determining how far the breaches extend," wrote Krebs on his blog.
LexisNexis issued a statement denying that its information was exposed: "To date [we] have found no evidence that customer or consumer data were reached or retrieved," said the statement.
