Identity theft marketplace sells mothers' maiden names, dates of birth, etc

Many websites will allow you to "recover a lost password" if you (or a crook) can supply your date of birth, mother's maiden name, etc. So, of course, crooks buy and sell data like dates of birth, mothers' maiden names, Social Security Numbers, and other easily mined minutae. Brian Krebs reports from, a site that sells would-be fraudsters this information, and also has a wholesale program so that entrepreneurial crooks can resell your personal information to their friends.

Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each. The more credits you buy, the cheaper the searches are per credit: Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs to can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

“Our Databases are updated EVERY DAY,” the site’s owner enthuses. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Customers who aren’t choosy about the identities they’re stealing can get a real bargain. Among the most trafficked commodities in the hacker underground are packages called “fullz infos,” which include the full identity information on dozens or hundreds of individuals.

How Much Is Your Identity Worth?


  1. Y’know…If someone like Anonymous went after groups like these slime, they’d immediately gain a whole lot more cred with people. Just sayin…

  2. In the future, please black out sensitive information rather than blur it. If something as simple as Photoshop can now deblur images, imagine what more specialized tools can do.

      1. Blurring obfuscates the data and degrades it; blacking it out removes it entirely (well, as long as you’re not doing it incompetently in a PDF…).

        The state of interpolation has advanced a lot in recent years with better algorithms and processing power. The stuff they do on TV is no longer as far-fetched as it was when we saw “Sneakers” in 1991.

        Meanwhile deblurring text is a rather trivial case, as text has relatively few and unique character shapes. Even crude algorithms can quickly come up with a small set of possibilities from a blurred original.

  3. But remember, copyright infringement is a more serious crime to be talking about than sites such as this.

  4. The bigger problem is that all it takes to steal someone’s identity is knowing their birth day and mothers’ maiden name.  There’s a whole lot of people I know who could easily figure out those pieces of information, not all of whom I liked.  This is getting even worse, as a lot of mothers for whatever reason (never married, never changed name) keep their maiden name despite having children. 

    1. Kibbee, two things:

      1) Some women keep their maiden names because they like their maiden names and don’t feel a need to reject that identity they’ve had their entire life just because they got married. 
      2) I am sure you don’t mean to suggest that mothers keeping their maiden names is the problem here. It kind of sounds like it, but I must be reading that wrong. Because, clearly, the problem is companies and organizations using easily findable information as if it is some iron-clad secret that only an individual will know about themselves. It’s dumb security policy. Not women.

      1. I think that you’re the only person that read that comment and drew that conclusion.

        I think that it’s pretty obvious that he was suggesting that women keeping their own names means that using that information as a ‘secret’ security credential is becoming more obsolete – nobody’s blaming the women – your feminist sense may be tingling, but it’s a false alarm.

        1. No, Nathan, she’s not.  As soon as I read “This is getting even worse, as a lot of mothers for whatever reason…keep their maiden name despite having children” I planned on commenting.  The word “despite” in that sentence means “in spite of”, and the “spite” in that phrase has 100% negative connotations.  So, yeah – where there’s smoke, there’s  probably  a minor misogynistic fire.

  5. See, this is why I use MADE UP stuff for my mother’s maiden name, pet’s name, etc. They ain’t real, so they’re harder to mine.

  6. What does this say about the particular market interested in purchasing this information? 

    When there are eff’ing WHOLESALE bundles available to buy up, and implied levels of worth, there is something very seriously wrong with the world we live in.

  7. If you report the website as violating the DMCA, won’t the Feds drop a few paratroopers into their hosting facilities and blow up their web servers? At least that’s what I’ve been told happens these days when violations are merely alleged.

  8. One of the upsides of having terrible credit is that these scumbags wind up paying fair market value for my stolen identity details.  That’s my little victory over the perpetrators of identity theft.  Take that!

  9. Boing Boing had a recent post on how to create a password, it was posted after it was apparent that some name games on Facebook were actually mining password info. 

    One thing I learned from that article  is this  simple advice, MAKE UP YOUR OWN ANSWERS!

  10. It baffles me that secure websites will force you to have a strong password and other measures to protect your connection with them.

    And then they ask a dumb question like “What’s your home town?” or “What’s your mother’s maiden name?” for “password recovery”.

    Does nobody understand the concept of “A chain is only as strong as its weakest link” any more?

  11. I made up my answers, but the banks keep “correcting” them based on their records, which not only means that I, who know the made up answer I gave when setting up the account, am  the ONLY one who can’t get a new card issued  – with a new PIN – on my account, but also that the information isn’t terribly private or secure because they can so easily go into their own records to get it. 

  12. A few years ago, a credit card company asked me to create a password.  So, I type in something like frodoisgreatwhoisthat.  A year or so later, when I call them about an issue, they ask me for my mother’s maiden name.  “Smith.”   “I’m sorry sir, that’s not what I have here for your mother’s maiden name.”  “Well, my mother’s maiden name is Smith.”  “Well, the name that I have here, sir, looks more foreign than that.”

  13. This information is also available on geneaology websites some of which are free and some of which are fee based.

Comments are closed.