Skip to Content
Security & privacy

Cyberwar: Hackers steal data from fraudsters who tricked subscribers

Here’s an interesting new story we picked up that reveals a little a bit of how the dark web works. Business is business as usual, more so in the dark underbelly of the internet, it looks like. In this case, it is an ironic tale of cybercriminals stealing from internet fraudsters.

But what is the dark web exactly? Click below and listen as Kim Komando breaks it down for you in this two-part podcast episode:

Everyone is fair game in the world of hacking, and questionable sites, who you can’t trust with your personal information in the first place, are likewise vulnerable to data breaches. Let’s face it, cybercriminals live in a dog-eat-dog world, too.

Read on and learn more about this interesting situation and watch out, your information may already be out there.

Hackers versus fraudsters

According to a new report by KrebsOnSecurity, hackers are now auctioning access to a database of personal information from an online data broker that’s linked to a number of bait-and-switch scam websites.

Krebs said that this week, an auction notice was posted on the dark web for administrative access to the web panel of an “US Search center” that has around 4 million customer records.

Information includes names, passwords, email addresses and phone numbers, and the starting bid was quite steep at $800.

Bait-and-switch operation

Upon reviewing screenshots of the auction, Krebs said that the affected customers had one common denominator — it looks like they have all purchased subscriptions to questionable sites that collect and sell public records.

Sites named in the report include misleading domains and websites like,,,, and

Krebs also discovered that the sites linked to the auction all shared several toll-free customer support numbers at one time or another. These numbers apparently were rotated frequently because they were all reported by customers for fraud.

Why? Well, in a classic bait-and-switch subscription scam, these services first lure in customers by selling their initial reports for a mere $1 but then continuously charge them with larger subscription fees on their credit cards.

The investigation revealed that all these sites link back to two marketing companies – Penguin Marketing (based in Las Vegas) and Terra Marketing Group (based in Alberta, Canada).

Both of these companies are owned by an alleged known online hustler named Jesse Willms, an entrepreneur who has been sued in the past for big-time fraud by the likes of Oprah Winfrey, Microsoft and even by the FTC.  (Not-so-fun fact: This guy was nicknamed “The Dark Lord of the Internet” by The Atlantic in 2014.)

Bonus: If you want to run a background check on yourself, don’t rely on questionable public record search sites and services. Did you know that legitimate consumer reporting services can provide yours for free? Click here for our guide on how how to run a comprehensive background check on yourself.

How to protect yourself

If you’ve ever dealt with these online sites for public record searches, please be on the alert. Your personal information is at risk!

Click here for the full list of sites linked to Penguin Marketing and Terra Marketing Group courtesy of KrebsOnSecurity.

Here are a few online security recommendations you can do to protect yourself from the inevitable fallout from this hack:

  • Check your other online accounts – As usual, if you suspect that you’ve used your password on these sites on other accounts, it’s a good time to review all your online credentials. This is also a good reason why you should never ever reuse the same password for multiple online services and websites. Click here for new ways to come up with a secure password.
  • Enable 2FA -Additionally, if you haven’t done it yet, check your services if they support two-factor authentication (2FA) and enable it. 2FA gives you an extra layer of security that will help keep your accounts safe.
  • Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Close your unused accounts – And while you’re at it, better close old accounts that you rarely use. Here’s an online tool that will help you do just that.
  • Have strong security software – Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook