A HACKER IS selling a huge collection of medical records online, and claims to have profited in this way already.
‘Thedarkoverload’ told Motherboard that business is good, and that the records were taken from three organisations which he declined to name.
The hacker explained that ransom demands have been sent to the victim sites, but that the sums are “modest”.
“A modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims,” the hacker said.
Hundreds of thousands of details, include Social Security numbers and addresses, are on sale, and thedarkoverload claimed that people have expressed interest already. “Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically,” he or she said.
Motherboard has screenshots of the dark web listings showing that thedarkoverload has no feedback on the sales site, and that he is interested in a bitcoin bounty.
Thedarkoverload has also spoken to a site called Deep Dot Web, and provided screenshots of the haul. The site reported that there are over 655,000 user details from three organisations.
The hacker has provided a snippet of information about his victims and methods, including “a considerably large database in plaintext from a healthcare organisation in Farmington, Missouri. It was retrieved from a Microsoft Access database in their internal network using readily available plaintext usernames and passwords.”
The hacker added a suggestion to which a lot of technology security industry companies would take objection, recommending that people should pay up and put up when demands come their way.