Trainguyrom ,

Worth noting looks like this breach was first reported at the start of June

www.theregister.com/2024/06/03/usdod_data_dump/

fmstrat OP ,

There is a small silver lining, according to the VX team: “The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present.” So, we guess this is a good lesson in opting out.

Wonder what the best opt-out service is.

mechoman444 ,

This explains why I’ve been getting so many Indian scam calls the last few days.

C126 ,

2 billion social security numbers? What’s the population of the US?

fmstrat OP ,

More than US.

AWittyUsername ,

Is this why I got the latest scam email saying I need to pay $4k in bitcoin else a video of me wanking would be leaked.

SynopsisTantilize ,

Oh shit sorry. I must have accidentally sent that email to the wrong person. I meant to send that to my dad.

derpgon ,

How about you send it to me instead and I’ll pay you the 4k

AWittyUsername ,

Ok

PenisDuckCuck9001 ,

Good god. That’s like, every person that has ever used a computer probably. Fuck.

MIDItheKID ,

Is there a simple way to find out if your information was in this leak, and what information it is? I use haveibeenpwned for leaks linked to my email address, but from what I read in this article, it’s not linked to my email address.

So how do I find out if my data was leaked without paying for a credit monitoring service?

fmstrat OP ,

We got notified by email from the credit monitoring our credit card provides.

Doxatek ,

I like how my social security card explicitly says not to be for identification and tax purposes only. But I need it for absolutely fucking everything and to identify I’m a citizen. Can hardly sign up for a new email without a SSN. (Exaggerating of course about the email)

qjkxbmwvz ,

to identify I’m a citizen.

It’s kinda worse than that — it’s used to authenticate yourself as a citizen.

My SSN should at most be an ID, no different from a name. I can identify myself as Darth Vader or 4200-69-1337, but that shouldn’t matter, because I should never be able to authenticate myself as either of those.

StreetCash ,

I think you mistyped a number, that one doesn’t seem to be working

aesthelete , (edited )

Any company accumulating, aggregating, and centralizing every piece of private and public information under the sun about people is a ticking time bomb (and that is a lot of companies these days).

We need harsher penalties for these assholes, and a privacy amendment so that we actually have some rights when dealing with them.

DarkCloud ,

Also, from a national security perspective we need to make sure this isn’t a slow attack to make westerners more vulnerable than other places that aren’t liberal democracies.

xthexder ,

How did this company leak 2.9 billion people’s info, including SSNs, when the population of the US is only ~350M?

Is “National Public Data” collecting info on everyone internationally? So many questions…

CluelessLemmyng ,

When applying to a US government position with a certain security clearance, they will do background checks of you, your family and extended family, if need be.

And I’m sure that can be the case for any employer who needs background checks. That being said, I also suspect some of these people in the database are dead.

HubertManne ,

I just assume SSN is for a US audience and it’s worldwide with equivalent numbers but who knows. I mean there are only 8 bil on the planet so that’s like everyone except maybe China, India, and Africa

fmstrat OP ,

Read the article? Your questions are answered there.

Treczoks ,

And again they will fail to punish the company responsible for protecting this data for their criminal negligence.

Thebeardedsinglemalt ,

Because that might damage shareholder value

Treczoks ,

It really should. The shareholders did profit from not investing in security until the incident. Let them suffer.

NutWrench ,

Who TF is “National Public Data?”

Nurgus ,

A company not dumb enough to store anything in the EU, that’s who. They’d be in real trouble now! Phew.

unrelatedkeg ,

You’re kidding, right?

_sideffect ,

“Please enter your full name, address and SSN to check if you were exposed!”

BingBong ,

Identity theft monitoring services always scare me. It seems like you are dumping a huge amount of information into a single system and just hoping the vendor is secure. I have access to one but refuse to put much information in. Is this mindset incorrect?

AnarchistArtificer ,

It reminds me of the recent Crowdstrike fiasco: apparently kernel level access was needed for their anti-malware to be able to properly work (because that way their net can cover the entire OS basically), but that high level of access meant that when CrowdStrike fucked up with an update, people’s computers were useless. (Disclaimer, I am not a cybersecurity person and am not offering judgement either way on whether Crowdstrike’s claim about kernel level access was bullshit or not)

In a similar way, in order for identity theft monitoring services to work, they surely will need to hold a heckton of data about you. This is fine if they can be trusted to hold that data securely, but otherwise… ¯\_(ツ)_/¯

I share your unease, though I don’t feel able to comment on the correctness of your mindset. Though I will say that on an individual level, keeping an eye on your credit reports in general (from the major credit agencies) will go a long way to helping there (rather than paying for services that give you a score and other fancy “features”, you can request either free or v. low cost report which just has the important stuff you need to know.)

I also know that if you want to be extra cautious, you can manually freeze your credit so basically no new lines of credit can be opened in your name. This is most useful for people who have already been a victim of fraud, or they expect to be at risk (such as by shitty family, or a data breach). I don’t know how one sets this up, but I know that if you did want to set up a new line of credit, you can call to unfreeze your credit, and then freeze it again when your application for the new credit is all done. I have a friend who has had this as their default for years now because of shitty family.

TwitchingCheese ,

Yea that’s a tough system to design for. Ideally you want sensitive stuff like that, where you don’t care what the data is just that something matches it, stored as the results of a one-way hash function.

The problem is that most of the data you’re going to want to secure is pathetically tiny. 10 digit SSN? My phone can brute force that in a few minutes if you’re doing raw hashes. Gotta salt them. But now you have a tradeoff decision, salting every one uniquely is best but now your comparison needs to do [leaked data] × [customers] checks to find matches. Same salt on all of them and as soon as one is cracked they all are.
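The tradeoff described in the comment above, as an added example that is not part of the thread: a raw hash over a small identifier space can be enumerated, a shared salt keeps matching cheap, and unique salts cost [leaked data] × [customers] hash operations. It assumes a constructed 4-digit identifier space standing in for SSNs, constructed sample lists and hypothetical function names; the keyed-HMAC variant is an addition the comment does not raise.

```python
import hashlib
import hmac

DIGITS = 4  # constructed toy keyspace (10**4 values) standing in for SSNs
CUSTOMERS = ["0042", "1337", "9001"]       # constructed sample data
LEAKED = ["1337", "5555", "0042", "7777"]  # constructed sample data

def h(salt: bytes, ident: str) -> bytes:
    """Salted SHA-256; an empty salt is the 'raw hash' case."""
    return hashlib.sha256(salt + ident.encode()).digest()

def keyed(key: bytes, ident: str) -> bytes:
    """HMAC-SHA256 under a secret key held outside the database (assumption)."""
    return hmac.new(key, ident.encode(), hashlib.sha256).digest()

def enumerate_raw(digest: bytes):
    """Unsalted hash: walking the whole keyspace recovers the input."""
    for n in range(10 ** DIGITS):
        cand = f"{n:0{DIGITS}d}"
        if h(b"", cand) == digest:
            return cand
    return None

def match_shared(tag, stored: set, leaked: list):
    """Shared salt or key: one hash per leaked value, then a set lookup."""
    return [v for v in leaked if tag(v) in stored], len(leaked)

def match_per_record(records: list, leaked: list):
    """Unique salts: each leaked value must be hashed under every record's salt."""
    ops, hits = 0, set()
    for salt, digest in records:
        for v in leaked:
            ops += 1
            if hmac.compare_digest(h(salt, v), digest):
                hits.add(v)
    return sorted(hits), ops

def demo():
    salt, key = b"one-salt-for-all", b"k" * 32  # constructed values
    shared = {h(salt, c) for c in CUSTOMERS}
    per_rec = [(bytes([i]) * 16, h(bytes([i]) * 16, c)) for i, c in enumerate(CUSTOMERS)]
    hmacs = {keyed(key, c) for c in CUSTOMERS}
    return {
        "raw_recovered": enumerate_raw(h(b"", CUSTOMERS[1])),
        "shared_salt": match_shared(lambda v: h(salt, v), shared, LEAKED),
        "per_record": match_per_record(per_rec, LEAKED),
        "keyed_hmac": match_shared(lambda v: keyed(key, v), hmacs, LEAKED),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Each result is a pair of (matches, hash operations): the shared-salt and keyed variants need 4 operations for 4 leaked values, the per-record variant needs 12 for the same 3 customers. The keyed variant keeps the cheap lookup while the stored values cannot be enumerated without the key.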

Confused_Emus ,

Go ahead, steal my identity. See if you have any better luck with it.

I keep all my credit reports frozen. These days, everyone should.

fmstrat OP ,

Keep in mind there are 4 providers now, not 3!

Confused_Emus , (edited )

Oh? Who’s the new one?

ETA: I got woosh’d, didn’t I? I just came off night shift and it’s not even 8AM. That’s my story and I’m sticking to it.

werefreeatlast ,

I am. Your login is locked unfortunately. Send me your username and password if you want to unlock it. It’s fairly common. You’ll get your credit score as well.

Confused_Emus ,

Such a helpful employee!

User: DaftPensioner Pass: GoRockettes1964!

asqapro ,

There are actually more than 3 providers and you should put a freeze on everything you can. You only need unfrozen credit for applying for new lines of credit (loans, credit cards, etc), and unfreezing is a quick process (15 minutes or so).

Here’s a pretty comprehensive guide for protecting yourself: old.reddit.com/…/psa_freezing_your_three_main_cre…

It’s better to take these steps before you get your identity stolen rather than after. These steps can prevent your leaked information from being used against you.

rotmulaaginskyrim ,

Seems like this post is two years old at this point. Is it still valid?

asqapro ,

Even if some of the information is outdated, although I believe it’s all still valid, the main points / TL;DR are absolutely relevant. It’s unlikely that the main bureaus will change, and although the exact steps for freezing may change over time, the emphasis on freezing is important.

rotmulaaginskyrim ,

makes sense, thanks

fmstrat OP ,

Nope, I’m serious. innovis.com

They’ve grown enough to require locking. There’s also www.chexsystems.com which many banks use for opening checking accounts. They’re unique because they handle stuff that doesn’t show up in a credit report.

other_cat ,

Is anyone else completely unable to register on chexsystems? Usually when this happens I can’t tell if it’s because of my privacy settings or a legitimate fuckup on the server’s end.

CallateCoyote ,

Dang, that’s quite a few people. Maybe we can stop linking our identity to a simple number in the US sometime? That would be swell.

Alexstarfire ,