Experts later clarified that while the "2.9 billion" figure likely included many duplicates and deceased individuals, the scale remained historic. Unlike the , which stemmed from a software vulnerability, the NPD incident is frequently cited as a cautionary tale about directory listing vulnerabilities and the dangers of storing sensitive backups on internet-facing servers.
The "story" behind this file involves a sequence of security failures and dark web leaks that ultimately exposed the sensitive information of millions of individuals: The Accidental Exposure index_breached.vc.zip
: Usernames and passwords for their internal systems. Experts later clarified that while the "2
The file index_breached.vc.zip is a notorious archive linked to a massive data breach involving , a background check company owned by Jerico Pictures Inc.. The file index_breached
Once discovered, the data was reportedly scraped and posted to the dark web by a threat actor known as "USDoD." The hacker initially attempted to sell the database for , claiming it contained 2.9 billion records , including: Full names Social Security numbers (SSNs) Mailing addresses Phone numbers The Impact
The breach wasn't necessarily a complex hack but a critical oversight. A security researcher discovered that NPD had left a zip file—often identified as index_breached.vc.zip or similar variants—publicly accessible on their website. This file contained: