PastHole Self-Proclaimed Hackers of Equifax = Taken Down


As of September 10 (Sunday), the darkweb hosting provider of the PastHole team has suspended their website.

More details to be added to this page as they become available.

PastHole is the name of the Russian hacking team that is claiming responsibility for the 2017 Equifax data breach.

The name comes from the contact email address posted on their site badtouchyonqysm3.onion. Note that .onion is a top level domain suffix that is used specifically for an anonymous hidden service that can be reached via the Tor network and not via the ordinary Internet.

Their email address — if you’d like to get in touch with the Russian hackers who may or may not leak your data to the entire world on September 15 depending on whether they get the money they’ve demanded from Equifax — is [email protected]

The acronym of the words in their website domain is NSA ( = national security agency).

The self-proclaimed hackers identify themselves on their site as “two people trying to solve our lives and those of our families” and they claim that they never expected to get so much data and they also realize that it becomes less valuable with the passage of time.

What gives credence to the two’s claim that they are the hackers in actual possession of the data is that they are willing to provide verification through a somewhat clearcut process. Equifax can send them, say, a name or SSN from the accessed dataset, and PastHole says they will respond to Equifax with whatever other information they have on that identifier, such as the birthdate, address, and credit-card number.

You may want to urge Equifax to pay the ransom they’re asking, which is 600 BTC or about 2.5 million U.S. dollars.

Bitcoin address: 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy

As of May 2017, Equifax Inc. had a market cap of $16.3 billion USD. The company is among the top 1500 in the world and ranks between 400 and 800 in the United States. According to SEC filings, Equifax CEO Richard F. Smith’s total compensation last year was $15 million.

What the hackers have are the Personally Identifying Information (PII) of approximately 143 million Americans with possibly a few Canadian and British citizens mixed in. The dataset includes names, birth dates, addresses, driver’s license numbers, and most alarmingly, Social Security Numbers (SSNs).

There is a smaller subset of consumers whose credit-card numbers were also allegedly obtained — about 240,000 individuals. The hackers say they will publish the PII on September 15 if their ransom demand is not met; it seems they have no plans to publish the credit-card numbers on the deadline date.