Now, Krebs On Security reports a roughly identical website to NPD called recordscheck.net was found to be hosting an archive containing site logins as well as source code for some of the site’s tools in plaintext. That would’ve been enough information to access the same consumer records as NPD. The now-removed file contained email data belonging to NPD founder Salvatore Verini, an actor and retired sheriff’s deputy from Florida.
In an email exchange with Krebs On Security, Verini wrote that the file contained an old website version with “non-working code,” and the site will cease operations “in the next week or so.” Verini did not comment further, citing an “active investigation.” Krebs On Security also found that Verini wrote a positive testimonial for Creation Next, a web developer company mentioned in the archived source code.
Since the leak on the hacker forum last month, several websites like npdbreach.com, from Atlas Data Privacy Corp, and npd.pentester.com have popped up, saying they offer searches to find out if your information is included in the leak. Using these services, of course, means you need to put your name, birth year, and perhaps your SSN into someone’s form. As Krebs notes, given the many leaks that have already revealed similar information, the best course of action available may be to put a freeze on your credit report with the major bureaus (Equifax, Experian, and TransUnion) and take advantage of the free weekly credit reports you are entitled to.