Astoria Company LLC is a lead generation company with a network of websites designed to collect information on a person that may be looking for discounted car loans, different medical insurance, or even payday loans.
Users volunteer personal information to any of their lead generation sites, which is then collected and sent to a number of partner sites (such as insurance or loan agencies), that pay per lead referral.
On January 26, 2021, the threat intelligence team at Night Lion Security became aware of several new breached databases being sold on the Dark0de market by popular hacking group Shiny Hunters. The data listed for sale included 400 million Facebook users, a database allegedly containing Instagram users, and a 300 million user database dump allegedly from Astoria Company. The details of the Astoria Company data sale included 40 million U.S. social security numbers (these numbers were later proven to be inflated).
Nearly one week later, these databases were published for sale on the Dark0de forum by Shiny Hunters.
Exposed records include the following fields:
- Name
- Email address
- Date of Birth
- Mobile Phone
- Physical Address
- IP Address
In addition to the base fields, many of the different lead types included additional information, such as social security numbers, full bank account information, and even medical history.
Night Lion Security’s CEO, Vinny Troia, reported to Astoria Company on January 29, 2021 the flaw in their database and the availability of their data on Dark Web.
The company investigated the issue and discovered that a former developer from India was responsible for intentionally saving database credentials to the site. Astoria ultimately took the entire site offline.
Read more about it here.