Index_breached.vc.zip Official

: Direct access to the company's proprietary software.

The breach wasn't necessarily a complex hack but a critical oversight. A security researcher discovered that NPD had left a zip file—often identified as index_breached.vc.zip or similar variants—publicly accessible on their website. This file contained: index_breached.vc.zip

: Usernames and passwords for their internal systems. : Direct access to the company's proprietary software

: Details on how their databases were structured and accessed. The Dark Web Leak This file contained: : Usernames and passwords for

Following the leak, multiple class-action lawsuits were filed against Jerico Pictures Inc. for failing to secure the data. You can find technical post-mortems and security analysis of the breach on platforms like the Huntress Blog or specialized security news sites like Risky Business .

Once discovered, the data was reportedly scraped and posted to the dark web by a threat actor known as "USDoD." The hacker initially attempted to sell the database for , claiming it contained 2.9 billion records , including: Full names Social Security numbers (SSNs) Mailing addresses Phone numbers The Impact

Experts later clarified that while the "2.9 billion" figure likely included many duplicates and deceased individuals, the scale remained historic. Unlike the , which stemmed from a software vulnerability, the NPD incident is frequently cited as a cautionary tale about directory listing vulnerabilities and the dangers of storing sensitive backups on internet-facing servers.