News Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records

[Admin]

Almost 2.7 billion records containing names, addresses, and even Social Security numbers of US residents has shown up as a free download on a popular hacking forum.

Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records : Read more

 

[Gururu]

Each day, I am beginning to appreciate two or more factor authentication. I have a couple of monitoring agencies watching my stuff but that is only because they were free after some organization got breached in the first place.

Everyone's info including SS# are in the dark web now. Keep watch on your accounts and check the credit reports for new unauthorized accounts.

 

[COLGeek]

Covered on our sibling site, as well:

News - 2.9 billion hit in one of largest data breaches ever — full names, addresses and SSNs exposed

Class action lawsuit in Florida has revealed that hackers stole a database full of sensitive information on 2.9 billion people before they tried selling it on the dark web. 2.9 billion hit in one of largest data breaches ever — full names, addresses and SSNs exposed : Read more

forums.tomsguide.com

 

[stuff and nonesense]

Privacy is hosed. Get your tinfoil hat out, put it on…

Every website tries to run scripts, place cookies, fill your screen with ads. You go to the local supermarket, they try to get you to sign on to their loyalty program.. every company wants your data, advertisers want to track you.. privacy shimacy.

Too few of these entities spend enough money on securing the data they have collected.

 

[ThomasKinsley]

None of this is acceptable, and yet society goes on barely noticing. Data mining the public has gotten out of hand until now your personal information is everywhere, ready for the next malicious actor or data corporation (I repeat myself) to hoover it up.

Each day, I am beginning to appreciate two or more factor authentication. I have a couple of monitoring agencies watching my stuff but that is only because they were free after some organization got breached in the first place.

While there are real benefits to be had with 2FA, the concept is flawed. It's essentially trusting these same corporations who keep getting hacked with your phone number (the commonly used tool for 2FA) in order to secure your password. But when they get hacked again, it will be your password and your phone number that malicious actors possess. There are also ways to circumvent 2FA.

 

[bolweval]

Too few of these entities spend enough money on securing the data they have collected.

Those entities are probably the ones selling our data...

 

[yahrightthere]

It's beyond time that the inept congress gets involved & stop any & all companies from collecting data on everyone. (yeah ok that will never happen, it's called under the table kickbacks)
If a company wants to sell a product, I should not have to agree to terms that give them the option to collect my data, especially not my social security number, that, should be used only for federal & state government purposes period.

 

[Giroro]

I would argue there is no such thing as a "legitimate" business that buys/sells Social Security numbers and related personal information en masse. Any database that is a mass-aggregation of citizen data could be used to threaten national security, and therefore should be seized, secured, and marked as classified so that the companies who aggregate, store, and manage this data could be held criminally accountable when they allow it to be released internationally - whether or not the release was intentional.
Rules would need to be put into place to determine how much data is too much data. But hopefully most people would agree there's a point where keeping too much data in one place starts to become a real problem.

That said, people in the US still have no guaranteed right to privacy whatsoever. Until some real legislation (preferrably a constitutional amendment) gets put into place to protect privacy at even the most basic level, then these giant data gluttons are just going to keep getting bigger, and more reckless.

 

[stuff and nonesense]

I can’t remember or find the source but I saw something a few years ago, paraphrasing, “It takes 7 pieces of information to identify you”. This was referring to data in an anonymised list. The data collectors often claim that your data is safe and anonymised….

There is one question I would like asking of the data collectors. What constitutes “Legitimate Interest” with regard to cookies etc. I have no relationship with companies that claim legitimate interest, needless to say I deny them permission.

I have scripts blocked, I have adverts blocked. TH looks like a good site, clean, neat and tidy. When the adblocker is off it’s a mess.

 

[hotaru251]

Technology has advanced as such a rate that USA needs to start making a new system to keep SSN#'s & the like secure. Even if it needs a system overhaul long term its worth it. Possibly have multiple req. such as having to authenticate any use of that SSN given how important that is to an american.

 

[USAFRet]

I can’t remember or find the source but I saw something a few years ago, paraphrasing, “It takes 7 pieces of information to identify you”. This was referring to data in an anonymised list. The data collectors often claim that your data is safe and anonymised….

Back in the early 00's, there was a leak of anonymized search data from AOL. Millions of search records.
Zero actual user names, etc.

With just the info of what people searched for, a group managed to positively identify some humans. Name, address, etc.

 

[8086]

USDoD interview

https://cybernews.com/editorial/interview-with-hacker-usdod-black-forums/

 

[abufrejoval]

I remember getting crucified standing up for data protection the strict way we Germans interpret it.

Years later I was very glad the Austrian Max Schrems started his work against Meta & Co for their Wild West data abuse. His organization NOt Your Business (NOYB.eu) is doing its best to fight it in the EU, where some legal frameworks at least exist, even if the Irish data protection office was long seen as something of a foreign agent when it came to actually fighting it.

I'm glad it's now reaching levels of awareness, where some counter measures might actually be taken, but its true horrors will only show, once the companies holding the biggest data treasure troves will go bankrupt and sell them to anyone who pays them some bucks.

 

[stuff and nonesense]

I remember getting crucified standing up for data protection the strict way we Germans interpret it.

Years later I was very glad the Austrian Max Schrems started his work against Meta & Co for their Wild West data abuse. His organization NOt Your Business (NOYB.eu) is doing its best to fight it in the EU, where some legal frameworks at least exist, even if the Irish data protection office was long seens as something of a foreign agent when it came to actually fight it.

I'm glad it's now reaching levels of awareness, that some counter measures might actually be taken, but it's true horrow will only come true, once the companies holding the biggest data treasure troves will go bankrupt and sell them to anyone who pays them some bucks.

IF all that was collected by a company was the minimum, non-intrusive in scope (pick your own definition) and required only for the business of the company directly the problem would be mimimised.

The selling of data, the number of recipients affiliated with a company, the cavalier attitude to security and the lack of regard/respect to the customers is the problem as I see it.

Yesterday I found out that Reach, a news publisher in the UK had changed their buttons on one of their web sites. Accept cookies, view for free. Reject cookies… pay us a subscription and view the same information. Essentially, you want privacy from us abusing your data.. pay for it!

 

[vijosef]

Just another important reason for which you should absolutely trust no personal data or information into google, microsoft, or anybody else.

They will leak it to the hackers.

 

[vanadiel007]

So this database with personal data, does it contain the data from Presidents, high profile CEO's, people like Elon Musk etc...?

Or does it only contain the data of everyone else? Hope it contains the Data of the Facebook guy, as he sells the data of the users on his platform all the time. Payback time!

 

[COLGeek]

So this database with personal data, does it contain the data from Presidents, high profile CEO's, people like Elon Musk etc...?

Or does it only contain the data of everyone else? Hope it contains the Data of the Facebook guy, as he sells the data of the users on his platform all the time. Payback time!

If those people used the compromised services, then yes.

 

[vanadiel007]

If those people used the compromised services, then yes.

My understanding based on the article is that this company scrapes public data to collect and build profiles, which they then sell to others.

How does the private data of millions and millions of people become available on the internet to "scrape", while at the same time that data never seems to included any high profile information?
Something does not make sense to me here.

 

[vanadiel007]

This is so confusing. This article states:

National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those portfolios. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

Another news reporting site states:

National Public Data is owned by Jerico Pictures, Inc. and is headquartered in Coral Springs, Florida. It is a background checking service that scrapes personally identifiable information of individuals from non-public sources. This means that many of the people who were affected by the breach did not knowingly provide any of their personal information to NDP.

So what is it: scraping from public sources, or scraping from non-public sources? The latter seems more plausible as typically public sources would not expose things like SS etc... in plain view for others to scrape.

 

[USAFRet]

So what is it: scraping from public sources, or scraping from non-public sources?

Probably both.

 

[COLGeek]

This is so confusing. This article states:

National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those portfolios. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

Another news reporting site states:

National Public Data is owned by Jerico Pictures, Inc. and is headquartered in Coral Springs, Florida. It is a background checking service that scrapes personally identifiable information of individuals from non-public sources. This means that many of the people who were affected by the breach did not knowingly provide any of their personal information to NDP.

So what is it: scraping from public sources, or scraping from non-public sources? The latter seems more plausible as typically public sources would not expose things like SS etc... in plain view for others to scrape.

I have viewed my data (I was notified multiple times). Some is right. Some is wrong. Most is rather old. There is a lot of it and will have to be monitored forever.

From looking at the data, it obviously came from MANY sources. Given the number of compromised sites, services, and the lack of actual data protection, none of this is a surprise at all.

I would hazard to guess that nearly every human who has accessed the interwebs (and registered for anything) has been part of a compromise, whether they know it or not.

 

[stuff and nonesense]

So what is it: scraping from public sources, or scraping from non-public sources? The latter seems more plausible as typically public sources would not expose things like SS etc... in plain view for others to scrape.

They scrape anything they can get their grubby hands on.