US authorities are investigating claims that the personal data of high profile figures including Hilary Clinton, Arnold Schwarzenegger and the chief of the LA police department has been posted online by a hacker.
As first reported by US gossip site TMZ.com, a website called www.exposed.su yesterday published what it claims are the personal details of 17 US public figures.
They are: vice president Joe Biden, FBI Director Robert Mueller, Michelle Obama, Hillary Clinton, Sarah Palin, US Attorney General Eric Holde, LAPD chief Charlie Beck, Kim Kardashian, Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears, Hulk Hogan, Donald Trump and Arnold Schwarzenegger.
The data includes the supposed victims’ addresses, birth dates, mortgage amounts, car loans, banking information and social security numbers. The website’s authors do not state how they supposedly acquired the information, although much of it is said to have been extracted from credit reports.
The FBI is investigating the case, according to the Associated Press.
Multiple sites have reported that some of the data matches public records, although at the time of writing the files were unavailable for download.
An apparently related Twitter account, with the handle @exposesu, carries a message in Russian that translates as: “Our goal is to show you all that this is only one of a few tricks up this lone wolf’s sleeve” (Google Translate).
The website hosting the information ends in a .su domain suffix that was assigned to the Soviet Union in 1990. The domain, which was kept active after the union’s dissolution, can still be registered today.
According to a post on Swiss cyber security blog abuse.ch posted in January last year, the .su domain is being increasingly used by cybercriminals after switching from .ru, which was previously used for phishing attacks.
In October last year, privacy campaigner ‘Dissent Doe’ discovered via Freedom of Information that 17,000 credit reports had been stolen from ratings agencies since 2006, including 15,500 from Experian.
A common technique is to compromise a bank’s IT systems and access their Experian account remotely.