"Members.zip" -- sounds like sabotage, and criminal negligence, find the employee who posted that file, you find the "fall guy".
I'm kind of dreaming of the idea that it's a 'honeypot' file with fake manipulated information...give that employee a raise! 😂 Maybe if enough of these companies that can't seem to keep data safe can generate enough obfuscated fake data alongside the real data, when breaches do inevitably occur, potential clients seeking the stolen information will be unable to determine what is useful and what isn't.

AI overlord: generate five million fake personas with addresses, user account names, and passwords stored in plaintext and compressed into a zip file named 'members_bankaccounts_ssn.zip'.
 
I mentioned this before but the same people that complain about putting info out on the internet willingly handed over credit cards to waiters and watched them walk away with their info back in the day and did not think twice. As long as you are part of the world in any way, your info is not safe and never will be
 
Don’t forget that there is still so much more that can be done with your stolen information than just credit reports.

There’s still
tax fraud,
opening a number of financial account types (which can be used for money laundering, etc.),
setting up bills/utilities,
identity theft,
draining current accounts,
utility fraud,
subprime loans,
apartment rentals,
doctor's/dentist visits,
and so much more.


It is ridiculous that we don’t have more security around our Social SECURITY number. It is a joke that library cards are actually a better more secure form of identity than an SSN.

I have worked with/for fraud departments, information security, and other groups around this topic for 20+ years and I can definitively say SSNs are terrible and abused in so many ways that we could write a massive book about it.
Is there any way we can have new 'private' social security numbers created -- and then require companies that ask for the info to use a workaround? All of our ss's have been exposed at this point!
 
I mentioned this before but the same people that complain about putting info out on the internet willingly handed over credit cards to waiters and watched them walk away with their info back in the day and did not think twice. As long as you are part of the world in any way, your info is not safe and never will be
'Back in the day' even if you hawk-watched the waiter with your card, they still created a triplicate form dupe including all of your info and your signature for receipts, taxes, etc. So any crook in any establishment that handled sales would have access to a treasure trove of data for identity theft, if that was the goal. I mean, come on, it's generally not a handful of waiters or salespeople massively stealing from the public and running huge fraud schemes (and that's aside from the bankers).
 
'Back in the day' even if you hawk-watched the waiter with your card, they still created a triplicate form dupe including all of your info and your signature for receipts, taxes, etc. So any crook in any establishment that handled sales would have access to a treasure trove of data for identity theft, if that was the goal. I mean, come on, it's generally not a handful of waiters or salespeople massively stealing from the public and running huge fraud schemes (and that's aside from the bankers).
True, didn't mean to accuse only waiters
 
True, didn't mean to accuse only waiters
I didn't take it to mean that, only that there were all kinds of possibilities for theft. Not centralized in public databases like now, I guess you'd say it was more an individual vs corporate theft process. :)
 
I was cleaning my files off the server when I left a company once and noticed a Salary.zip file sitting out in the open. It had every employee's salary details including bonus programs. Super eye-opening. Nothing is ever really secure.
 
'Back in the day' even if you hawk-watched the waiter with your card, they still created a triplicate form dupe including all of your info and your signature for receipts, taxes, etc. So any crook in any establishment that handled sales would have access to a treasure trove of data for identity theft, if that was the goal. I mean, come on, it's generally not a handful of waiters or salespeople massively stealing from the public and running huge fraud schemes (and that's aside from the bankers).
"Back in MY day", we used to write our social security numbers on our college projects for ID and prove it was ours. It was standard policy! We never thought anything of it back then (1985-89). Scary!
 
Pray tell, how are you on MacRumors if you don’t use the internet? 😂
 
Gosh, yes! The USA doesn’t have any laws to protect us. /sarc

Of course it does - you can get a gun and go all "wild-wild-westy" ;)

We're all pwn3d on the dark web anyways.

-Use passkeys
-Lock your credit on all 3 credit bureaus
-???
-Profit
passkeys are stupid and you can easily get locked out of your data being at the mercy of giant corp...

as a side note - it's fascinating that plain SSN has so much value and power in the USA...
 
Lucky for me I have bad credit. You can't steal my identity... you would just be practicing...... Maybe apply for some food stamps or something.
 
The problem is many of these companies factor in data breaches as the cost of doing business. The fines and lawsuits end up being a slap on the wrist. My suggestion is have it so any company that knowingly has minimal security to protect consumer data, should lose the ability to conduct business for a minimum of one year. My bet is that they would start caring much more when a year of profitability is at stake.
That actually sounds like a great idea. Of course companies will fight tooth and nail to block any legislation like that.
 
Yea, it’s bad. The majority of the people I know have had their SSN & addresses exposed. Could you imagine what these terrible actors will do once AI is fully harnessed??

I actually can’t. What does AI have to do with it?

No, I understood that part, I even said it in my comments. What I don't understand is how the people storing their passwords in plain text, etc. made the hack WORSE than initially thought, rather than just explaining HOW the hack happened.

Yeah, this doesn’t seem to change anything. A lot of comments seem to assume that the passwords were part of the leaked data, but this file contained employer information and site code.

It is ridiculous that we don’t have more security around our Social SECURITY number. It is a joke that library cards are actually a better more secure form of identity than an SSN.

Yeah, in Denmark it used to be the case that our CPR (roughly equivalent to an SSN) could be used for a lot of things like that. Nowadays you almost always need to use our countrywide digital signing solution, typically via an app.

I was cleaning my files off the server when I left a company once and noticed a Salary.zip file sitting out in the open. It had every employee's salary details including bonus programs. Super eye-opening. Nothing is ever really secure.

Ok, but you can’t really conclude from an anecdote that NOTHING is secure.


passkeys are stupid and you can easily get locked out of your data being at the mercy of giant corp...

Passkeys are great, and you can set up multiple if your concern is that you’ll be locked out, or use keys generated by whatever password app you trust.
 
This is why I never have and never will use the internet.
Unless you never applied for a car loan, mortgage, rent, credit cards, bank accounts, went to hospitals or doctors/dentists, etc., or got an SS number, your information is most likely already in the 3 major credit bureaus (Equifax, TransUnion...) from credit inquiries!
Then the data can be inquired via "credit check" by businesses like NPD and the like, then the selling keeps on going, including on dark web sites once they are hacked. So using the internet or not does not prevent your data from being hacked from one of the data brokers.
Our lawmakers don't seem to get it: what is the penalty for hacking, infecting with malware/ransomware? The hackers may even get job offers for being so smart, smarter than people at Microsoft, SolarWinds, or even... the FBI?
The excuses like 'they are Chinese, Russians, N. Korea... or some teenagers' are not acceptable. There must be a way to shut down the 'dark webs' and hacker forums; until then they are just laughing at the laws and the law-abiding citizens, while racking up millions in illegal windfall (tax free too).
 
If memory serves me right, a number of years ago the EU amended one of its laws relating to Health and Safety in the workplace to make it so company directors and owners can now be held directly liable for various types of health and safety breaches. No longer is it a slap on the wrist and a heavy fine, now directors and owners can be sent to prison and/or personally financially ruined. This has changed the mindset of directors and owners in the EU in making sure they follow ALL proper health and safety practices in the workplace.

There needs to be something similar handed out to directors and owners of companies where their ignorance and/or arrogance of data security causes data hacks to occur. No longer should it be a case of 'I'm sorry, I will endeavor to do better' followed by a hefty fine, these directors and owners should be put in prison due to the amount of people's lives that will be ruined due to their personal data getting into the hands of criminals.
 
I mentioned this before but the same people that complain about putting info out on the internet willingly handed over credit cards to waiters and watched them walk away with their info back in the day and did not think twice. As long as you are part of the world in any way, your info is not safe and never will be

Credit cards aren't the issue. The CC companies are pretty good at spotting fraud and then they issue a new card. It's annoying for the consumer but most of the costs accrue to them as long as it isn't happening every week.

Full identity theft and changing a SSN however is a different category of difficult and then there's biometrics...

The issue with the SSN is that it was never intended to be used as an authenticator. Just an identifier -- like your name but unique. We never should have let companies use knowledge of one's SSN as proof of identity.

Then it was a mistake to double down on this ~ 20 years ago when a law was passed to make companies hide people's SSN. Why? Because that just reinforced the idea that SSN is some sort of private key authenticator.

At this point everyone should assume everyone's SSN is public and treat knowledge of one as like having someone's business card.

The larger economy of businesses however don't want to do this as the additional costs of actual identity verification would fall to them while the benefits don't.
 
It always amazed me when there is yet another data leak and to see if you are included in this data leak you need to provide all your details on yet another website that is also susceptible to data leaks. Would rather luddite and disconnect than this.

Good habit in the digital age is to never rely on one single data provider. Three or four email addresses, fake Facebook, Instagram and TikTok, multiple SIM cards? Good! Never bad. Because if one leaks you got it disposable.

As for the banking and other serious stuff it must be 2fa-ed and used on one or two trusted devices, no other way.
 
🤣 so explain to me if you have never used the internet and never will, then how are you posting the comment on this forum? What do you think you are reading this article on and replying on? Also the data breach had nothing to do with you being on the internet, it was from some company who we didn't give our info to doing background checks on people
 