Hey Travis, Joseph here with both a data broker story and a content moderation one. You might remember I revealed how criminals were using powerful tools to dox their victims. Here, we show that people on freelancing site Fiverr are advertising access to those capabilities too, offering to dox anyone for around $30. The full story follows below.

Dozens of sellers on the freelancing platforming Fiverr claim to have access to a powerful data tool used by private investigators, law enforcement, and insurance firms which contains personal data on much of the U.S. population. The sellers are then advertising the ability to dig through that data for prospective buyers, including uncovering peoples’ Social Security numbers for as little as $30, according to listings viewed by 404 Media. Fiverr removed the listings after 404 Media inquired about the practice.

The advertised tool is TLOxp, maintained by the credit bureau TransUnion, and can also provide a target’s unlisted phone numbers, utilities, physical addresses, and more. 

There is a good chance many of these listings are scams, designed to take peoples’ money without providing the requested data, or by sourcing it in another way and presenting the results as a TLOxp search. Regardless, the advertisements' existence presents a content moderation issue for Fiverr.

404 Media has previously reported on how TLOxp and similar tools have become a secret weapon in the digital underground, with hackers and fraudsters using the capabilities to dox people in minutes. The tools can be especially powerful because some use credit header data, which is personal information people provide to their financial institutions in the normal course of business of obtaining a credit card, which then trickles down to a wide web of other companies.

This segment is a paid ad. If you’re interested in advertising, let's talk.

As generative AI shapes our future, keeping it safe is becoming a top priority for regulators, consumers, and tech platforms alike.

One of the most powerful tools in the AI safety stack is red teaming - but what is it and how is it done? ActiveFence’s latest report, "Mastering GenAI Red Teaming: Insights from the Frontlines," dives deep into the essential strategies and methodologies for effective AI red teaming. Learn from real-life scenarios and case studies and discover how to identify and mitigate risks in AI models. This comprehensive guide provides a framework for red teaming that balances safety and functionality, ensuring your AI systems remain robust against adversarial attacks.

Read the report now to enhance your AI safety protocols and stay ahead in the rapidly changing landscape of AI technology.

“I have access in TLOxp,” one of the listings reads.

404 Media found nearly 50 advertisements by searching for “TLOxp SSN” on Fiverr. Many of these sellers, at least some of whom appear to be overseas, advertise their lookup services to investors, realtors, or skip tracers. Skip tracers are people tasked with recovering lost property. But there is no indication that the Fiverr sellers would limit sales to only those industries.

As well as personal data that could reveal where someone lives, one listing says they can obtain a person’s credit score. Another says they can access the credit report itself.

“There was a time when sellers on Fiverr advertised that they had access to databases such as TLOxp and Clear, but as professionals like private investigators reported these accounts to the databases they began to come down,” Valerie McGilvrey, a skip tracer who uses various tools and techniques to track down vehicles that need to be repossessed, told 404 Media. “I've reported videos taken by these shady gigsters even on YouTube that show real US citizens information such as residential history, date of birth, social security numbers and phone numbers done by recording their screen to prove they authentically have access.”

“The due diligence is on the shoulders of the data provider,” McGilvrey added.

The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15

Most Americans have very little choice but to provide their personal information to credit bureaus. Hackers have found a way into that data supply chain, and are advertising access in group chats used by violent criminals who rob, assault, and shoot targets.

404 Media •Joseph Cox

TransUnion acknowledged a request for comment but did not provide a response in time for publication. In a previous statement on the underground sale of credit header data and alleged TLOxp access, a company spokesperson told 404 Media “On the very rare occasion where we confirm misuse of TLOxp, we coordinate with law enforcement to help prosecute those responsible.” The company added that “at times, fraudsters will pull data from other sources and misrepresent it as TLOxp data.”

A Fiverr spokesperson told 404 Media in a statement that “these services are not allowed” on the platform. “We have clear policies against it. We’ve removed the listings which were offering this prohibited service. We suspended accounts where appropriate and updated our monitoring parameters to ensure they don’t reach the marketplace in future.”

“We take a no-tolerance approach when it comes to ensuring the safety and security of Fiverr users. Our dedicated Trust and Safety team works tirelessly to prevent the misuse of our UGC [user generated content] platform. This team employs advanced algorithms, which we are constantly updating, third-party tools, and manual checks to identify and remove services that violate our policies. And as a UGC platform, we always encourage our community to report violating content to us,” the statement added.