When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Web crawlers, scrapers, or even usgreencardoffice website visitors could have easily found it.
Furthermore, in the database there was information on 147,000 secondary users - spouses and children.
The data seems to date from 2018.
This leak is alarming and extends beyond inconvenience.
It affects more than 350 thousand people, some of whom may be vulnerable due to their immigration status.
Bad actors could exploit leaked contacts and crack the passwords stored using an outdated hashing algorithm from 1991.
Social engineering attacks are also likely, it was said in the report.
Cybernews researchers found a reverse shell on the website hosting the database, that indicates compromise.
As the shell files upload date is August 1, 2023, its highly likely the data was taken.
We will know for sure if, or when, it pops up for sale on the dark web.
TechRadar Pro has contacted USGCO for comment.
