© Thinkstock
Fear, who claims to be a teenager, said he took advantage of lax security at the company Neustar to gain access to a large number of FTP (File Transport Protocol) servers.
Servers for file transport are often used to upload data to a website, and run off of the same types of domain names as websites.
Neustar is in charge of the ".us" top-level domain, an alternative to ".com," ".edu" and ".org." By hacking Neustar, Fear gained access to the FTP accounts for every site with an address ending .us.
"I hacked into the Neustar FTP, and I dumped their files, and in the files there were a list of each and every FTP server on a .us, and it had their passwords, users, ftp ip, hostname, and domain," said Fear in an online chat.
Many of the servers that host .us accounts also host ".gov" accounts, leaving Fear with what he claimed was access to a wide variety of government information, including voter registrations for every county in all 50 states, prescription databases and the Department of Education.
"It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen," Fear boasted.
Many states used poor security practices, he said, using passwords no more than five characters and failing to encrypt sensitive information.
Fear said that the files he has amassed include credit card information, bank transactions, prescription information, Social Security data and more, and that he planned on selling the information he had downloaded for "thousands of dollars in cryptocurrency."
At press time, Neustar had not responded to a request for comment.
The summary is not valid. Read the original story. This "hacker" may have found a database of domain names. So what?! That does not give him credentials to access protected information. Anyone who does not understand DNS is unqualified to comment on this claim.