U.S. Identity Data Advertised for Sale on a Popular Dark Web Forum

A threat actor has published a very large database of U.S. citizen identities on a cybercrime forum. The data includes highly sensitive personal and financial information.

Dark Web Informer, a platform that provides early access to critical cyber breach news and intelligence, shared this in one of its exclusive threat intelligence reports.

The “Everything for Your Business” Data Store

On October 15, a detailed post appeared on a popular hacking forum. The threat actor, going by Shadowland, advertised a massive database of information about U.S. residents. The listing was titled “HOT US DATA! Fullz, SSN, DL, EIN — EVERYTHING FOR YOUR BUSINESS!”

The data being put up for sale is a complete identity thief’s toolkit, including full names, addresses, and phone numbers. But more importantly, it also contains Social Security Numbers (SSNs), and driver’s license information. A particularly alarming inclusion is Employer Identification Numbers (EINs). These are used by businesses for tax purposes.

The post listed clear, affordable prices. A full identity record, or “Fullz,” starts at just $2. A single SSN is sold for $1. A driver’s license record costs $3. The data is available for both retail and wholesale buyers.

An Automated, Professional Criminal Operation

This is not a simple data dump. Shadowland is running a professional service. The operation offers two APIs for automated data lookups. The “CR API” costs $3 per request. The “EIN API” is priced at $8 per request. This allows criminals to integrate stolen data directly into their own fraud systems.

The actor provides Telegram handles for customer support and private sales. This creates a streamlined buying process. The service even uses a brand name: “FindMeUS.” This screams well-planned, ongoing criminal operation. Shadowland’s been at it since May 2025, targeting the US, Canada, and Australia.

Why This Dark Web Listing Matters

This incident highlights a serious and persistent threat. The availability of this verified data enables widespread fraud. Criminals can use it for identity theft and tax fraud. They can even create synthetic identities.

Access to the API is highly concerning; it presents the opportunity for bulk, automated exploitation, which makes it significantly easier for criminals to operate at scale. So financial institutions and individual stakeholders have to be particularly more vigilant.

Related Incident: Stolen U.S. Property Data Sold on Dark Web Forum

This is not an isolated case. Earlier this year, another hacker targeted American property records. In May 2025, an actor named “Sentap” advertised a different huge data trove. They claimed to have stolen 1.02 terabytes of data from a U.S. title company.

The stolen property data covers several Midwestern states – sensitive title search files containing deeds, tax records, mortgages, and liens. In the wrong hands? Such information can be dangerous. 

Crooks could use this to hijack your identity. It could also facilitate real estate and title fraud. Thieves could even use it to target homes for high-value burglaries. This property data breach shows a wider trend. Cybercriminals are aggressively targeting foundational personal and financial records.

Staying Informed Is the First Line of Protection

The increasing appearance of such detailed personal and property data on the dark web is a stark reminder of the digital age’s dangers. Our most sensitive information, from our Social Security numbers to our home titles, is now a commodity for cybercriminals. 

These are not isolated leaks; they are targeted attacks on our financial and personal security. Staying informed through timely and credible threat intelligence sources is now essential. It is an important and basic step in building an understanding of the threats, protecting yourself, your identity, and your property. This gives you an advantage in the constantly evolving underworld of criminal activity.