I mentioned this before but the same people that complain about putting info out on the internet willingly handed over credit cards to waiters and watched them walk away with their info back in the day and did not think twice. As long as you are part of the world in any way, your info is not safe and never will be
Someone misuses your credit card, the bank takes action and you owe nothing. Big deal.
 
This is the most American news I've seen in a hot minute lmao
Yep. Anything for a dollar.

Until congress pulls their head from their ass and actually implements PII data protection laws, similar if not identical to the EU, this is going to continue.

But I'm also betting that the White Sox are shoo-ins for this year's playoffs and will make a World Series run.

Guess which one has a better chance of happening...
 
So honest question,

are these "data breaches" inevitable (because they tell me software will always have bugs) or is it lack of proper security procedures?
 
Credit cards aren't the issue. The CC companies are pretty good at spotting fraud and then they issue a new card. It's annoying for the consumer but most of the costs accrue to them as long as it isn't happening every week.

Full identity theft and changing a SSN however is a different category of difficult and then there's biometrics...

The issue with the SSN is that it was never intended to be used as an authenticator. Just an identifier -- like your name but unique. We never should have let companies use knowledge of one's SSN as proof of identity.

Then it was a mistake to double down on this ~ 20 years ago when a law was passed to make companies hide people's SSN. Why? Because that just reinforced the idea that SSN is some sort of private key authenticator.

At this point everyone should assume everyone's SSN is public and treat knowledge of one as like having someone's business card.

The larger economy of businesses however don't want to do this as the additional costs of actual identity verification would fall to them while the benefits don't.
People have willingly given SSNs on paper applications or when calling customer service for years also. Giving out private info is not an internet invented thing. You get those credit cards by first giving your SSN
 
So honest question,

are these "data breaches" inevitable (because they tell me software will always have bugs) or is it lack of proper security procedures?
Little of column A, little of column B. Spice in a little of column C where those in charge do not care about columns A and B and are only interested in column D where they get to cash out their stock options and avoid jail time.
 
Really all you can do is always keep an eye on all your accounts, which is pretty easy these days, and put fraud alerts on your credit report with one company and it goes on for all 3 (I believe 2 in Canada).
 
So everyone's identity in this country has been leaked and NPD will apologize, DC politicians will waggle their fingers and say "bad NPD, BAD!" and all will be forgiven. We will all get 30 days of free credit monitoring and that's it.

Either file criminal charges against all NPD top executives or get rid of SSNs and create a better system for that. SSNs were never even designed for current usage. SSNs were designed for specific purposes, but now everyone wants to know your SSN and then ends up leaking it.
 
And not a damn thing will be done to these companies. Until there are legit penalties (like the big wigs getting fined/jail time) this will continue and the government will continue to allow it.

Also, now would be a great time to move away from SSN being used for damn near everything to identify people and to something else.
 
Now the banks, credit card and other financial services companies will try to monetise this by asking the public to pay them a monthly security subscription in case of any fraud or financial impropriety! Great business model! Long live Capitalism! LOL
 
Storing passwords in an un-encrypted, plain text file is just gross negligence at this point. Senior leadership that allowed this (let's be honest, they always skimp out on investing in IT security until it bites them in the ass) need to be held criminally liable with potential jail time at this point.
 
Storing passwords in an un-encrypted, plain text file is just gross negligence at this point. Senior leadership that allowed this (let's be honest, they always skimp out on investing in IT security until it bites them in the ass) need to be held criminally liable with potential jail time at this point.
In big corporations with data centers having several hundred to thousands of servers, it will be difficult to remember the password for each one of the servers they manage. I know a case where the user ID and password of the IT Director is shared among the IT teams (especially the software development teams) across the regions to access the servers. Same user name, almost the same password. They do vulnerability checks almost every day and ask the development teams to address fixes immediately in all these thousands of servers. You may need several weeks just to log in to these servers, let alone fix the vulnerabilities, test them and roll them over to production. In these circumstances they all do this all along. Of course, basic authentication is done at the VPN level using extensive measures, but once you are inside, then with this user ID and password, anyone can gain access to all these servers.

All VPs look at the vulnerability reports almost every day and scream at the IT Directors that the number of vulnerabilities should be less than double digits or so… and ask for the plan to address all the high and critical vulnerabilities. There are tools which even identify such passwords, vulnerable coding, outdated frameworks, etc…
 
In big corporations with data centers having several hundred to thousands of servers, it will be difficult to remember the password for each one of the servers they manage. I know a case where the user ID and password of the IT Director is shared among the IT teams (especially the software development teams) across the regions to access the servers. Same user name, almost the same password. They do vulnerability checks almost every day and ask the development teams to address fixes immediately in all these thousands of servers. You may need several weeks just to log in to these servers, let alone fix the vulnerabilities, test them and roll them over to production. In these circumstances they all do this all along. Of course, basic authentication is done at the VPN level using extensive measures, but once you are inside, then with this user ID and password, anyone can gain access to all these servers.

All VPs look at the vulnerability reports almost every day and scream at the IT Directors that the number of vulnerabilities should be less than double digits or so… and ask for the plan to address all the high and critical vulnerabilities. There are tools which even identify such passwords, vulnerable coding, outdated frameworks, etc…
Interesting to hear about how IT infrastructure is handled in other orgs, but it sounds all too common. That in general just seems like poor security practices. I work for a healthcare system and it is repeatedly drilled into us that User IDs and passwords are never to be shared with access audits regularly reviewed. Group permissions are very tightly controlled. Granted though, this was after a small security breach we encountered and they expanded the IT system's annual budget. Again, I hate how security is treated as an afterthought and is more reactive than proactive - I get how being a cost center looks on a balance sheet, but they never account for the potential real and non-tangible damage a significant security breach can cause - especially when it comes down to PHI where you do not want the HHS to rain hellfire for HIPAA violations. Again, it seems like sheer negligence to store user IDs and passwords in a non-encrypted text file. Bare-minimum, we at least password-protect any remotely sensitive documents.
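The two posts above describe the opposite ends of the same problem: one director's credentials shared across teams and regions, versus a healthcare shop where shared accounts are forbidden and access is audited. An access audit can catch the first pattern mechanically. The script below is an added example written for this thread, not code from either poster or from any organisation they mention; it parses constructed, sshd-style "Accepted" lines (the host names, user names and addresses are made up) and flags any account that authenticated from three or more distinct source addresses inside a one-hour window, which is the footprint a credential shared across a team leaves in the logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): one shared account, "itdirector",
# logging in from several different source addresses within minutes, and one
# ordinary account, "alice", always coming from the same workstation.
SAMPLE_LOG = """\
2024-08-15T09:00:01 host-a sshd: Accepted password for itdirector from 10.1.4.20 port 51022
2024-08-15T09:02:11 host-b sshd: Accepted password for itdirector from 10.7.8.9 port 40211
2024-08-15T09:03:40 host-c sshd: Accepted password for itdirector from 172.16.33.5 port 33001
2024-08-15T09:05:02 host-d sshd: Accepted publickey for alice from 10.1.4.21 port 50010
2024-08-15T09:40:19 host-a sshd: Accepted password for alice from 10.1.4.21 port 50012
2024-08-15T10:15:00 host-e sshd: Accepted password for itdirector from 192.168.50.7 port 44100
"""

# Matches "<iso-timestamp> <host> sshd: Accepted <method> for <user> from <addr> port <n>".
LINE_RE = re.compile(r"^(\S+) (\S+) sshd: Accepted \S+ for (\S+) from (\S+) port \d+")


def parse_logins(text):
    """Turn log text into (timestamp, host, user, source) tuples, skipping other lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), host, user, src))
    return events


def shared_account_report(events, window=timedelta(hours=1), min_sources=3):
    """Return {user: sorted list of source addresses} for every account that
    authenticated from at least `min_sources` distinct addresses within any
    `window`-long period. Thresholds are assumptions to tune per environment."""
    by_user = defaultdict(list)
    for ts, _host, user, src in events:
        by_user[user].append((ts, src))

    flagged = {}
    for user, items in by_user.items():
        items.sort()
        # Slide a window starting at each login; stop at the first violation.
        for t0, _ in items:
            sources = {s for t, s in items if t0 <= t < t0 + window}
            if len(sources) >= min_sources:
                flagged[user] = sorted(sources)
                break
    return flagged


if __name__ == "__main__":
    for user, sources in shared_account_report(parse_logins(SAMPLE_LOG)).items():
        print(f"possible shared account: {user} seen from {', '.join(sources)}")
```

On the sample, "itdirector" is reported with three addresses and "alice" is not, since both of her logins come from one workstation. In a real audit the same logic would run over the consolidated auth logs of every server, and the sensible follow-up is the one the healthcare poster describes: a named account per person, group permissions, and a periodic review of which accounts are showing up where.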
 
Interesting to hear about how IT infrastructure is handled in other orgs, but it sounds all too common. That in general just seems like poor security practices. I work for a healthcare system and it is repeatedly drilled into us that User IDs and passwords are never to be shared with access audits regularly reviewed. Group permissions are very tightly controlled. Granted though, this was after a small security breach we encountered and they expanded the IT system's annual budget. Again, I hate how security is treated as an afterthought and is more reactive than proactive - I get how being a cost center looks on a balance sheet, but they never account for the potential real and non-tangible damage a significant security breach can cause - especially when it comes down to PHI where you do not want the HHS to rain hellfire for HIPAA violations. Again, it seems like sheer negligence to store user IDs and passwords in a non-encrypted text file. Bare-minimum, we at least password-protect any remotely sensitive documents.
This is a different type of mitigation: wait for a small incident to take place and ask for the budget increase for security measures, citing business reasons on the potential risk.

There is continuous monitoring happening across all big organizations at the network packet level using various tools without compromising the performance, but using resilience (switching between redundancies). Even if they gain server access, the actual customer / user identifiable data will not be there easily to fetch! The database or data store should have been encrypted in the first place (but if you work on data ingestion, data pipeline type systems where data is in millions or billions of records, this may slow down the experience); then domain modelling would put the data in multiple places, and it would take highly skilled people who understand the domain extensively to pull the relevant matching data. This requires extensive insider help; without that, many of these are impossible.

If they foolishly store the customer name, phone number, address, age, etc… in a simple format in a single file/data store that doesn't have proper access methods to restrict access, good luck!
 
This is why I never have and never will use the internet.
This is not only hilariously (and hopefully intentionally; Poe's law) ironic, but also naive at best. People who bury their head in the sand were more likely to be affected by this than people like me who sometimes message and call background check sites to remove their information.

I checked to see if my information was in this leak and it wasn't. So clearly using the internet isn't the problem because I am a hopeless addict. Trusting the State and its complicit corporations is the problem. This affected tech-unsavvy normies across the board more than anyone else.

For said normies, if you don't feel like messaging data brokers and background check sites yourself to request data removal, then check out Aura and get a subscription. For the same price as World of Warcraft per month, you can purge this crap. I didn't sub to Aura myself because I don't care that much, but after this leak, that may change.

If you think that is an ad for those Unabomber-vindicating techbros solving the problems they caused, that's hilarious and I just underlined another reason why I've hesitated subbing to Aura myself for this long: Aura is profiting from its own economic sector's unhinged megalomania. 🙄
 
As someone born and stuck in the USA, I can confirm that it bipartisanly says everything you need to know about America's legal system, moral priorities/principles, equity, and self-awareness that doxing - even of public figures and organizations that cause and profit from this stuff - is illegal, but corporations gathering and possessing other people's data without their consent is completely legal, and leaks and hacks of said data carry no criminal consequences for the corporations that engaged in legally-protected not-real-doxing.

And what's amazing is how people will insist that blatant violations of freedom and privacy of the entire country's citizenry by government-protected corporations is once again a flaw of the ever-more-mythical free market we allegedly have here. I think you need to look up the definition of freedom if you think America has a free market. Though Merriam-Webster and Cambridge probably changed that definition too by now. 🤣 Have the alphabet agencies finally figured out how to define terrorism in a way that doesn't label their own activities as such?

They're literally trampling our freedom here without consequence, and you still want to delusionally blame freedom and ask the government to do something it hasn't and won't - hold the sociopaths in their own club accountable. It has to be glaring for them to act or they have to be coerced by public outcry, and you're behind on that homework with ending foreign intervention, making more progress towards nuclear disarmament, and ending military aid to genocidal apartheid states, so I won't hold my breath.

Protect yourself. The government and its "well-intentioned" advocates won't.
 
I want to clarify that I'm not saying I trust the free market. Freedom isn't about trust. It's about respect - of individual/human rights. And I do believe that you need enforcement and security in order to maintain that respect.

And a monopoly on that enforcement is obviously going to be rife with corruption and abuse.

What is a State?

Who made data collection like NPD did that wantonly violates individual rights legal?

Who armed banana corporations with death squads?

Libertarian atheists, if you ask the State-fellating culture war. 🤡

Okay, I'm sorry about typing all that. I just took my psych meds like you all wanted. I agree with you now. NPD was trusted by the State and corporations to do background checks to protect us like all Good(TM) States do, and NPD's greed-filled humors caused them to be lax in security, which led to mentally ill hackers motivated only by their own greed and psychosis and no crimes against humanity or bad economic circumstances brought on by US global hegemony into hacking and stealing US corporation-held data.

The State will protect us. I love Big Brother. I hope Putin and Hamas don't SA my butthole like Biden and Trump warned me would happen if we don't give their righteous and heroic opponents 100 billion dollars of our money. The homeless can just stop being homeless if they just take their meds and trust Big Brother like normal people do, so they don't need it as much as our heroic allies like Zelensky and Netanyahu.

I shouldn't empathize with or try to understand others like Palestinians, Russians, or hackers when Big Brother tells me not to do so. They might take advantage of me. Big Brother and its angelic allies in Azov Battalion, the IDF, and Silicon Valley would never do that. They're good because the law says so, and that's never wrong because it's American/Progressive-made. Americans/Progressives are totally just like the heroes in fiction that they play and write about, slaying Goa'ulds, Freezas, Aizens, Red Skulls, and Jem'hadar, and never acting like those cliche evil villains at all whatsoever. I totally haven't been spitefully sarcastic for the last three paragraphs. I'm just finally thinking like a normal, sane person on this realer-than-fiction, totally-not-dystopic planet. Hallowed are the Ori! Thank you for saving me from myself!
 
What a joke at the members.zip folder. All companies have to do these days is get a slap on the hand. There is no way to have accountability.
 