Threat Actor Leaks Personal Records of 250 Million American Households on Hacking Forum

A threat actor named Pompompurin has posted a treasure trove of 250 million personal records belonging to US residents. The database containing 263 GB of personally identifiable information (PII) and household-related data was leaked on a popular hacking forum last week.

According to an analysis done by, the records contain 1255 CSV sub-files, each with 200,000 listings that include:

  • Full names, phone numbers, and email addresses
  • Date of birth, marital status, and gender
  • House cost, home rent, home built year
  • ZIP codes, home addresses, and Geolocation
  • Credit capacity and political affiliation
  • Salary, income details, and number of owned vehicles
  • Number of children in the household
  • Number of owned pets

For the moment, the owner or origin of the database remains unclear.

“This was dumped by me,” the threat actor said in his post description. “Took a few days to export data fully, so enjoy. Feel free to ask any questions about the data. There are 59 million unique emails in this. All data on people living in the US.” He also makes sure to specify that “there are no passwords in this leak.”

Check if your personal info has been stolen or made public on the internet with Bitdefender’s Digital Identity Protection tool.

Digital and physical security risks for victims

Given the sheer number of leaked information on individuals and their households, malicious actors can exploit the data in many ways. By combining the info, cybercriminals can deploy compelling social engineering attacks that may lead to account takeover, identify theft and fraud.

In addition to these digital threats, criminals can single out specific victims based on their income details, the number of owned vehicles and home address.

Victims should closely monitor their online interactions and inboxes. They need to be fully aware that cybercriminals and scammers can target them via any social media platform or use phone numbers to make unsolicited calls or send malicious or fraudulent links via text.