
Exclusive: Personal data of 1.41m US doctors sold on hacker forum

Cybercriminals are taking advantage of the Covid-19 pandemic. From selling fake coronavirus vaccines and testing kits to setting up malware-infected fake live maps of the infection, crooks will go to any length to make a cheap and quick buck on hacker forums.

In the latest case, a cybercriminal is selling the personal and contact details of 1.41 million doctors based in the United States. This could turn into a disaster for doctors and healthcare staff busy saving lives amid the pandemic.

Hacker forum where Find A Doctor’s database is being sold.

Hackread.com has learned that the database in question was stolen on April 11th, 2020, from qa.findadoctor.com, an online service that lets people search for healthcare professionals, book instant appointments and consult with doctors online.

The targeted website is based in Edison, New Jersey, and is owned by Millennium Technology Solutions. A look at the site shows it claims to have registered 100000+ doctors and 5000+ members. The website allows both doctors and patients to register with their email addresses. Patients, however, are required to snap a photo of themselves or upload one from their PC to register their membership.




We can confirm that patients’ photos and medical records are not among the stolen data. However, what is included in the data is enough to target doctors. For instance, the sold records include details like full names, genders, name of the hospital or organization where they work, their location, mailing address, practice address, country, phone numbers, license number, and much more.

The good news is that this trove of data does not contain email addresses, which means doctors are safe from phishing and malware scams. However, based on the leaked records, finding their email addresses will be a piece of cake. Hackread.com was able to find dozens of doctors in New York based on the sample data we have seen.

Sample data on the hacker forum

Furthermore, cybercriminals can use the available phone numbers to carry out smishing attacks, a malicious technique that involves sending text messages with phishing links to steal financial data or redirect the victim to a website dropping malware. Simply put, the attack options for cybercriminals with this data are infinite.

In a comment to Hackread.com, Under the Breach, a service that exclusively monitors data breaches and works to prevent them, said that,
