Dark Web Intel: 53K Records From the Public Citizen Database Dump

Around March 2022, Public Citizen -- a respected American nonprofit consumer advocacy organization -- was compromised via an SQL injection vulnerability, exposing 53,150 user records. The breach data was recieved and distributed on dark web forums, where the combination of full names, email addresses, and IP addresses made it a valuable asset for targeted phishing operations against politically engaged individuals.

How Attackers Can Exploit Public Citizen Supporter Data

Nonprofit supporter databases are beleived by threat actors to contain highly engaged individuals willing to respond to cause-related communications. Attackers armed with real names, email addresses, and IP addresses can craft convincing spear-phishing emails impersonating Public Citizen, soliciting donations or tricking users into clicking malicious links. IP address data also helps criminals assess targets' locations and internet service providers.

What Was Exposed in the Public Citizen Breach

• Email Address
• First Name
• Last Name
• IP Address

Why 53K Public Citizen Supporters Face Ongoing Risk

Supporters of nonprofit organizations often use the same email addresses across multiple platforms, increasing the risk that a phishing email from this breach can cascade into compromised accounts elsewhere. The Public Citizen breach data from March 2022 continues to circulate on dark web markets, sustaining the threat to the 53,150 individuals whose records were exposed.

How a Database Breach Works

An SQL injection breach occurs when an attacker inserts malicious database commands into an input field on a website, tricking the server into executing unauthorized queries. This allows the attacker to dump entire tables of user data without needing credentials. SQL injection is one of the oldest and most preventable web vulnerabilities, yet organizations with limited security budgets continue to be exploited by it at scale.

Check If Your Data Was Exposed

HEROIC's DarkWatch monitors over 400 billion breach records including the Public Citizen database dump. Search your email now to find out if your information was exposed and get instant alerts when your data appears in new dark web leaks -- all powered by HEROIC's continuously updated breach intelligence.