Oh, damn, Friday edition.

Several weeks ago, I noted a misconfigured 2014 version of World-Check database and an analysis of its contents. The database contains information on individuals who have histories of allegedly being involved in financial crime, terrorism, or other types of crime. Banks and other institutions use such databases as part of their due diligence.

Today, I see that two vendors are currently offering that database for sale on the dark net.

One vendor is asking 3.5 BTC (about $2300 at current rates). The other vendor is asking 10 BTC.

The one asking 10 BTC says the database was obtained from the CouchDB leak (supposedly the one that Chris Vickery uncovered and reported). But it is the one asking 3.5 BTC that really caught my eye, because that vendor’s description says (emphasis added):

Thomson Reuters World Check database straight from SmartKYC to you. They are still leaking and I found it last night.

This is the 2014 version with 2,240,000+ records. Look at screenshots for proof that this is original and legit. Those screens have not been released before.

Special introductory price to gauge interest. Price may increase depending on demand. Comes as 600mb compressed .json file.

Still leaking? I wonder if it’s the same client’s database, as that had reportedly been secured. Unlike the other offer, this one has screen shots not previously revealed.

DataBreaches.net has e-mailed Thomson Reuters to ask them what, if anything, they are doing in response to these claims. This post will be updated if and when more information becomes available.

In researching this, I see that Jason Murdock of IBT has also reported on it on Wednesday, but I don’t see any update to his article.

About the author: Dissent