Tax Details of the Wealthiest Americans Leaked and Billions of Passwords Exposed

We've rounded up two data leakages in the new report on recent data related incidents. Today we're revealing the details of the incident, involving compromise of 3.4 billion credentials and disclosing, how thousands of wealthy Americans' tax information leaked to the press.

Let's start with a very serious case of personal data exposure: 3.4 billion credentials inadvertently leaked to the public domain. The leak came to light when SecurityDiscovery CEO Bob Diachenko discovered that DarkBeam’s Elasticsearch and Kibana data visualization interface was unprotected. DarkBeam, digital risk protection company, had apparently been collecting information to alert its customers in case of a data breach.

It is assumed that the disclosed data was not limited to DarkBeam's customers. The leaked data included:

  • Logins
  • Email addresses
  • Passwords.

After discovering the unprotected database, Diachenko alerted the company to the problem and the leak was promptly closed. It is unclear at this stage how long the data had been in the public domain. 

Regardless of the company's quick response, this combination of revelations put everyone involved at significant risk.

As a result of the second incident, an Internal Revenue Service (IRS) consultant in the US was charged with leaking taxpayer data. The defendant allegedly gave two news organizations’ tax information on thousands of the country's richest people dating back more than 15 years.

Charles Littlejohn, 38, had access to the leaked information while working as a contractor for the consulting firm from 2018 to 2020. At this stage, there is no definitive information on exactly how the intruder managed to get the data out of the workplace.

The incident has caused much consternation, not only because of the nature and scale of the leak, but also because tax records are subject to elaborate safeguards and cases of unauthorized disclosure are rare.

Now Charles Littlejohn faces up to five years in prison.

We have previously reported  cases of former employees leaking information to major publications, such as the Tesla employee incident. At that time, information about the company's employees and customers was compromised.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.