Giant leak exposes data from almost all Brazilians(somagnews.com)
somagnews.com
Giant leak exposes data from almost all Brazilians
https://www.somagnews.com/giant-leak-exposes-data-from-almost-all-brazilians/
134 comments
Looks like it's Experian -- again.
https://www.serasaexperian.com.br/
https://en.wikipedia.org/wiki/Experian#2015_data_breach
https://en.wikipedia.org/wiki/Experian#2020_data_breach
https://www.serasaexperian.com.br/
https://en.wikipedia.org/wiki/Experian#2015_data_breach
https://en.wikipedia.org/wiki/Experian#2020_data_breach
They've certainly failed on a number of occasions.
Given the type of data they hold, you would expect they get targeted a lot more. Which is why they need to do better.
Much better
Given the type of data they hold, you would expect they get targeted a lot more. Which is why they need to do better.
Much better
> It is one of the "Big Three" credit-reporting agencies, alongside TransUnion and Equifax.
It's an Equifax buddy.
It's an Equifax buddy.
Is there a way for someone to look up what leaked about them so they can determine how problematic this could be?
Yes. The hacker has a contact email where you can send queries using the CPF (unique for each Brazilian) of whoever you want. He'll then send you a bitcoin address for payment and send you back the info.
It would be pretty short-sighted to reward such an individual.
I’ve already had to reward the government and credit bureaus to get access to my data. I don’t see anything too different about rewarding this hacker just because the law doesn’t bless this sort of data extortion like it does the rest.
Would it? Hacking on the internet is pretty much immune to conventional systems that keep people honest, like being able to be caught and prosecuted or social norms. I think it's more useful to see hackers as like a force of nature to defend against but which it's useless to try to do any moralizing about. The more hacking that happens, the more secure computers will (hopefully) be made in defense, and the less vulnerable to future hacks. Hopefully it's not an endless arms race and eventually we figure out standard ways to keep things secure as a result.
[deleted]
Even tough it's sound pretty bad and big (and it is), this is not new to brazilians. It's a known thing that you can buy DVDs (yes, DVDs) with personal data from millions of Brazilians customers on the streets of Sao Paulo. Daylight market (called Camelo's).
There was some news articles about it a few years ago. Even the former president data was there. Social Security Number (not as secret as it is in the US and Canada), address, name, phone number. Even some family relations. It was pretty cheap.
There was some news articles about it a few years ago. Even the former president data was there. Social Security Number (not as secret as it is in the US and Canada), address, name, phone number. Even some family relations. It was pretty cheap.
This leak is much more harmful. If the data really comes from Serasa Experian, they have more accurate and structured data from people/companies/assets in Brazil than anyone else.
Man, why can't we get some useful data leaks? Like all the records from companies incorporated in DE, or all the tax records from companies and rich people or another one from offshore account havens.
Ever heard of the Panama Papers?
The problem with useful data leaks is that the people working on them have an unfortunate habit of getting killed.
https://en.wikipedia.org/wiki/Daphne_Caruana_Galizia
> At the time of her death, Daphne Caruana Galizia was facing 48 libel suits.
> On 16 October 2017, Caruana Galizia was driving close to her home in Bidnija, when a car bomb placed in her leased Peugeot 108 exploded, killing her instantly. The blast occurred on Bidnija Road, and left the vehicle scattered in several pieces across nearby fields.
https://en.wikipedia.org/wiki/Daphne_Caruana_Galizia
> At the time of her death, Daphne Caruana Galizia was facing 48 libel suits.
> On 16 October 2017, Caruana Galizia was driving close to her home in Bidnija, when a car bomb placed in her leased Peugeot 108 exploded, killing her instantly. The blast occurred on Bidnija Road, and left the vehicle scattered in several pieces across nearby fields.
I would assume the companies working on those accounts care more about security than the company working for average citizens. They can actually go out of business and see consequences after being hacked as opposed to, say, experian.
https://www.somagnews.com/giant-leak-exposes-data-from-almos... links to the source of the snippet
> According to the experts, who use artificial intelligence techniques to identify malicious links and fake news, the leaked data contains detailed information on 104 million vehicles and about 40 million companies, potentially vulnerable to 220 million people.
> According to the experts, who use artificial intelligence techniques to identify malicious links and fake news, the leaked data contains detailed information on 104 million vehicles and about 40 million companies, potentially vulnerable to 220 million people.
Ok, we've changed to that from https://www.databreaches.net/giant-leak-exposes-data-from-al.... Thanks!
Thanks, finally somebody telling what data is on the leak.
> Information on the more than 104 million vehicles reveals important details, such as chassis number, license plate, municipality, color, make, model, year of manufacture, engine capacity and even the type of fuel used. In the case of legal entities, the following were leaked: CNPJ, corporate name, trade name and date of foundation.
Every piece of information on this list is either plainly visible (for cars) or published by the government.
The article talks about data of real people (not companies), but doesn't say what leaked about them.
> Information on the more than 104 million vehicles reveals important details, such as chassis number, license plate, municipality, color, make, model, year of manufacture, engine capacity and even the type of fuel used. In the case of legal entities, the following were leaked: CNPJ, corporate name, trade name and date of foundation.
Every piece of information on this list is either plainly visible (for cars) or published by the government.
The article talks about data of real people (not companies), but doesn't say what leaked about them.
This link [0] may have the information you are looking for.
The link above seems to be from an unrelated breach, the one discussed in the OP affects pretty much everything, not even your LinkedIn profile managed to escape.
[0]: https://tecnoblog.net/404838/exclusivo-vazamento-que-expos-2...
The link above seems to be from an unrelated breach, the one discussed in the OP affects pretty much everything, not even your LinkedIn profile managed to escape.
[0]: https://tecnoblog.net/404838/exclusivo-vazamento-que-expos-2...
Wow, yes, that has the information. That's a really broad leak.
> The article talks about data of real people (not companies), but doesn't say what leaked about them.
Personal data (CPF, Birth day and so on), credit scores, social class, acquisitive power, and other informations that a company specialised in credit score have. (the leak is probably from a credit score company).
Personal data (CPF, Birth day and so on), credit scores, social class, acquisitive power, and other informations that a company specialised in credit score have. (the leak is probably from a credit score company).
> Every piece of information on this list is either plainly visible (for cars)
Nope, engine capacity, fuel type and year of manufacture are generally not visible on a car; the VIN is also not always publicly visible (in Europe, I don't know how the regulations are in Brazil).
What makes this database dangerous is its value for criminals in aggregated form... it's enough data to forge a car title, and assuming that there is another database that links VINs to individual people (either from the government or from a hacked bank), it now is possible to identify targets for a break-in attack.
Nope, engine capacity, fuel type and year of manufacture are generally not visible on a car; the VIN is also not always publicly visible (in Europe, I don't know how the regulations are in Brazil).
What makes this database dangerous is its value for criminals in aggregated form... it's enough data to forge a car title, and assuming that there is another database that links VINs to individual people (either from the government or from a hacked bank), it now is possible to identify targets for a break-in attack.
> the VIN is also not always publicly visible (in Europe
VIN is visible in the windscreen on cars. In UK at least,
VIN is visible in the windscreen on cars. In UK at least,
In Brazil it's on the lateral windows.
I don't see how it can be new. When I lived some years in Brazil (around 1999-2001), and you could buy at a specific street in Sao Paulo, a CD with all the taxes information from every brazilian citizen.
I remember seeing the news, years ago, that a guy was trying to discover were spammers were getting his email. So he created a bunch of emails for different things.
Guess which email started receiving spam very quickly? Yeah, the one he used for taxes
Guess which email started receiving spam very quickly? Yeah, the one he used for taxes
I've been doing this for exact 20 years this week. I always use a unique address for each site (pretty easy; I just use a wildcard domain).
Pretty much everything has been leaked: most retailers, software companies, all phpBB forums, wordpress blogs, Experian, Amazon (3P Sellers, not AMZN itself), Dropbox, LinkedIn. The list goes on and on.
Notable exceptions: Google, Microsoft, Apple, IRS.
These days is a lot harder to see leaks, as most egregious spams get filtered even before it hits your server (I use GSuite).
Pretty much everything has been leaked: most retailers, software companies, all phpBB forums, wordpress blogs, Experian, Amazon (3P Sellers, not AMZN itself), Dropbox, LinkedIn. The list goes on and on.
Notable exceptions: Google, Microsoft, Apple, IRS.
These days is a lot harder to see leaks, as most egregious spams get filtered even before it hits your server (I use GSuite).
A better option than a wildcard domain with spam filtering is a server where there is zero spam filtering and each unique address goes to a unique folder. Then you have much more opportunity to detect leaks to spammers.
If your objective is to solely detect leaks, then sure, zero spam filtering is the best option.
In my case I'm just trying to live my life in a security conscious way, and detecting breaches is just a byproduct.
And of course the easiest option is to drop all that and just following Troy Hunt's HIBP [1].
[1] https://haveibeenpwned.com/
In my case I'm just trying to live my life in a security conscious way, and detecting breaches is just a byproduct.
And of course the easiest option is to drop all that and just following Troy Hunt's HIBP [1].
[1] https://haveibeenpwned.com/
I remember in the 90s when we thought it was funny to sign people up for every newsletter we could find. You could basically destroy someone's email address making it forever unusable by spending an hour signing up for junk.
I was even able to dos my mail server with a bot that signed up newsletters.
Tax information isn't that harmful, many Nordic countries release it as a public service.
This appears to be a new leak of Experian's Brazilian database, which contains basically everything about everybody.
This appears to be a new leak of Experian's Brazilian database, which contains basically everything about everybody.
I think OP's point was that Brazil has always had illegal structures for data exfiltration and so on...
> vulnerable to 220 million people.
In a country with 207 million people. This means that even the dead can't rest in peace.
On the bright side, we'll not have any data leaks anymore because there will be no more secrets to leak. :)
In a country with 207 million people. This means that even the dead can't rest in peace.
On the bright side, we'll not have any data leaks anymore because there will be no more secrets to leak. :)
Probably concerns citizens living abroad as well
I was born dual US/Brazil and left Brazil just after turning 18 about 36 years ago, wondering wondering whether I'm in the leak and whether anyone could use my info to open illicit bank accounts, etc. I don't want to be associated with money-laundering, and am too far in headspace from financial-institutions/credit-bureaus to check it out.
If you declared permanent out-of-country move, you (or an impersonator) shouldn't be able to open accounts/buy things - as far as I know.
I think there are extra fees as a foreigner. You are not prohibited of having a bank account, insurance, using credit, etc. But most systems will prevent the CPF of being used without some sort of special approval.
We should literally start making a parody of this article, but on our blog:
https://en.wikipedia.org/wiki/%27No_Way_To_Prevent_This,%27_...
EDIT: I wrote it
https://qbix.com/blog/2021/01/25/no-way-to-prevent-this-says...
https://en.wikipedia.org/wiki/%27No_Way_To_Prevent_This,%27_...
EDIT: I wrote it
https://qbix.com/blog/2021/01/25/no-way-to-prevent-this-says...
> “No, we have bigger problems than that to worry about.”
Pretty much that. In the "Maslow's pyramid of government-related needs", the doxxing is near the top. People are much more worried with stuff like not dying to covid, not being kidnapped, not dying in traffic, paying the dreaded Boletos (bills), etc. Internet doxxing is dwarfed by the more urgent needs. Brazilians are also sure that exactly zero things are going to be done about these leaks. Some government representative is going to say "we're going to investigate" and that's as much as we're going to get.
I would love to be wrong here, by the way.
Pretty much that. In the "Maslow's pyramid of government-related needs", the doxxing is near the top. People are much more worried with stuff like not dying to covid, not being kidnapped, not dying in traffic, paying the dreaded Boletos (bills), etc. Internet doxxing is dwarfed by the more urgent needs. Brazilians are also sure that exactly zero things are going to be done about these leaks. Some government representative is going to say "we're going to investigate" and that's as much as we're going to get.
I would love to be wrong here, by the way.
This says that it leaked Brazilians' name & CPF numbers.
CPF being the number that people give to every random shopkeeper to enter that tax lottery. So, it's... not exactly a big secret. To do most official-type things you have to go down to the cartório with your actual ID, not just enter the number.
Heck, I've been to places where you had to use one to use the free wifi. Granted, in that particular case, it didn't care if you used someone else's. I wouldn't be surprised if that was also true, elsewhere, honestly.
I'm sure someone will find ways to misuse this but Brazil has bigger problems. Also, this doesn't seem to be a leak of government data, it looks like it came from Serasa Experian or one of its contractors.
So yeah, I tend to agree with you. If the government does something, it will probably be like that law posted on every elevator warning you to check that there's an actual elevator there, instead of just walking into the empty shaft. For those curious, that'd be lei estadual n^o 9.502 de 11/03/1997 - https://www.al.sp.gov.br/norma/?id=9419
CPF being the number that people give to every random shopkeeper to enter that tax lottery. So, it's... not exactly a big secret. To do most official-type things you have to go down to the cartório with your actual ID, not just enter the number.
Heck, I've been to places where you had to use one to use the free wifi. Granted, in that particular case, it didn't care if you used someone else's. I wouldn't be surprised if that was also true, elsewhere, honestly.
I'm sure someone will find ways to misuse this but Brazil has bigger problems. Also, this doesn't seem to be a leak of government data, it looks like it came from Serasa Experian or one of its contractors.
So yeah, I tend to agree with you. If the government does something, it will probably be like that law posted on every elevator warning you to check that there's an actual elevator there, instead of just walking into the empty shaft. For those curious, that'd be lei estadual n^o 9.502 de 11/03/1997 - https://www.al.sp.gov.br/norma/?id=9419
Not just CPF and names were leaked, lots of correlated information was leaked too, such as credit scores, civil status (married, single, etc), gender, birth date, e-mail, phone number, home and work addresses, education level, job, salary, net income, tons of data about bank accounts, even face pictures!
All that data, just available for anyone to dig in and do their worst.
Source (pt-br) https://tecnoblog.net/404838/exclusivo-vazamento-que-expos-2...
All that data, just available for anyone to dig in and do their worst.
Source (pt-br) https://tecnoblog.net/404838/exclusivo-vazamento-que-expos-2...
Yeah, that's a bit more concerning. I only wanted to make the point that CPF is used very differently from how SSNs are used in the USA.
Yes, plenty of data for anyone wanting to impersonate you and do social engineering virtually everwhere in the Brazilian territory.
Or find people nearby with a bit money and rob them?
Reminds me of the American SSN.
”This number is super secret and you must guard it with your life and never share! Oh also write it down on every semi-official form, send by paper mail, and enter into all sorts of webapps”
”This number is super secret and you must guard it with your life and never share! Oh also write it down on every semi-official form, send by paper mail, and enter into all sorts of webapps”
Sure, the SSN is used a lot but it's normally more for things on the level of bank accounts or signing up with a new employer, where there's some serious investment and need to validate your identity. When you enter it into a website, it'd better be for an important reason.
The CPF is something you might use at the grocery store when buying a piece of fruit in the hopes of winning 1000 BRL from the government for helping the store prove that it's paying its taxes. Go to SP and every shop will ask "CPF na nota?" True, you can just answer "não obrigado/obrigada" but from what I saw, most people give it out.
You just don't see that same level of usage in the USA. You're not going to wander into some store and have the shopkeeper ask for your SSN as soon as you get to the counter.
The CPF is something you might use at the grocery store when buying a piece of fruit in the hopes of winning 1000 BRL from the government for helping the store prove that it's paying its taxes. Go to SP and every shop will ask "CPF na nota?" True, you can just answer "não obrigado/obrigada" but from what I saw, most people give it out.
You just don't see that same level of usage in the USA. You're not going to wander into some store and have the shopkeeper ask for your SSN as soon as you get to the counter.
I dont bother being secretive about SSN, its security theatre. The person in earshot has a lower likelihood of bothering with it when every service provider that also has it will get mass hacked and are the primary targets.
I use a separate TIN or EIN (Tax/Employer Identification Number) where I can. All my businesses have one, even a sole proprietorship that exists purely in your head can obtain one, and this can go on many forms.
I use a separate TIN or EIN (Tax/Employer Identification Number) where I can. All my businesses have one, even a sole proprietorship that exists purely in your head can obtain one, and this can go on many forms.
Interesting, if you get paid on another TIN does it effectively become your main SSN? What about at retirement time? Would like to hear more about this.
“Effectively become your main SSN” no but loaded question. less places would have your ssn or tin. the only difference it really makes is peace of mind and relying on the current reality that hackers aren't targeting you or anyone specifically and you will have an additional way to verify yourself if someone did try to do identity theft or whatever you’re worried about. Online People databases will still be reporting pieces of your older SSN while you have been primarily giving services a different number.
retirement time isnt a problem. if your business is getting paid and the person that pays needs your tin/ein then thats what they get instead of your ssn. You are still paying self employment taxes contributing to retirement.
retirement time isnt a problem. if your business is getting paid and the person that pays needs your tin/ein then thats what they get instead of your ssn. You are still paying self employment taxes contributing to retirement.
EINs don't accumulate Social Security, but when you file taxes you'll pay "self-employment tax" on earnings from that "business" and those go to your personal SS account.
When you use an EIN you're basically claiming to act as a business. For some cases, you can do that just fine. But a lot of SSN requests for identification or credit checks it won't work. And anyone who cares that it's a SSN vs a TIN can figure that out easily.
When you use an EIN you're basically claiming to act as a business. For some cases, you can do that just fine. But a lot of SSN requests for identification or credit checks it won't work. And anyone who cares that it's a SSN vs a TIN can figure that out easily.
But the American SSN, while abused, is still supposed to be a secret.
I don't believe the Brazilian CPN is meant to be a secret at all. It's used for literally everything.
In America, you don't give your SSN to your utility company or when signing up for an online subscription. But in Brazil, you use your CPF to do that.
I don't believe the Brazilian CPN is meant to be a secret at all. It's used for literally everything.
In America, you don't give your SSN to your utility company or when signing up for an online subscription. But in Brazil, you use your CPF to do that.
> In America, you don't give your SSN to your utility company
You do where I am, because they run a credit check to determine whether you need to pay a deposit.
Legally is not supposed to be used for identity at all, except for Social Security (and IRS) purposes. But in practice that doesn't happen and it's not particularly secret. Used to be pretty common for people to include it on their pre-printed checks. When I was in college it was used as the student ID number. This was all before "identity theft" was really a thing people worried about.
You do where I am, because they run a credit check to determine whether you need to pay a deposit.
Legally is not supposed to be used for identity at all, except for Social Security (and IRS) purposes. But in practice that doesn't happen and it's not particularly secret. Used to be pretty common for people to include it on their pre-printed checks. When I was in college it was used as the student ID number. This was all before "identity theft" was really a thing people worried about.
But SSN should not really intended to be secret. It is not designed to be a proof of identity, but so many companies have treated it that way that it gives more access than it should. If we could prevent companies from using it like a password, it would no longer be a major risk to have it exposed.
I love being asked to verify my SSN just to access my own information through an unknown entity that will not disclose who they are.
SSN's aren't really secret—you can find someone's pretty easily by going to a data broker.
The CPF is quite annoying as a tourist. Mostly there are workarounds, but it is ridiculous how many things assume you have one. Yes, fake ones usually work. It was a few years back when I visited, but the hoops I had to jump through to buy an internal flight was unbelievable. I mean, the idea that a non-resident might want to travel within the country on a budget airline right??
Yeah, I hear you. Technically, anyone can get one, though I believe it comes with some annoying tax obligations, so it's not really something one would do as a tourist.
You can even get multiple numbers if you want. Though I think you're not supposed to.
> multiple numbers
At least it's not as wonky as our identity card number. For those who don't know, since our identity cards are emitted by the state governments, instead of the federal government, in theory a single person can have 27 different identity cards, one for each of the 26 states plus the federal district; all of them are valid in the whole country (and beyond, since some Mercosul treaties allow using the identity card instead of the passport).
At least it's not as wonky as our identity card number. For those who don't know, since our identity cards are emitted by the state governments, instead of the federal government, in theory a single person can have 27 different identity cards, one for each of the 26 states plus the federal district; all of them are valid in the whole country (and beyond, since some Mercosul treaties allow using the identity card instead of the passport).
That's why there are all those proposals for a Cadastro Único (CU) that would fix this, right? :)
Oh, no. It seems much more useful than that. By knowing credit, salary, age, and address... it's much easier to target high "value" targets for for on-line, or more likely in Brazil in person burglary or home invasion. This also gives cover to individuals banks and other organizations to drain large accounts by "guessing" passwords, since now it could be "anyone".
Like Covid, this is likely to be another generational wealth transfer event. It will be interesting to see how much stays in the country, but I expect most of it will.
Like Covid, this is likely to be another generational wealth transfer event. It will be interesting to see how much stays in the country, but I expect most of it will.
We must live in very different parts of Brazil because around these parts no one seems to care about Covid, which doesn't surprise me considering the message we get from the federal government.
Unfortunately, you're not wrong.
Another month another set of news that can be solved by NOT storing all the data in one place by one company. But for that we need better software. This article is literally like The Onion article about guns. Maybe we should put it with names changed every few months:
https://qbix.com/blog
https://qbix.com/blog
I would argue that if anything, in our current world of privacy and anonymity-indifferent lawyers, regulators, policy makers, corporate heads and most members of the general public, things like this and the hackers behind them perform a sort of obscene public service in a way: They make everyone at least somewhat leery about trends towards so much of our private lives falling into too many databases, especially when said data is highly personal, financial, medical or location-based (and thus especially compromising in certain contexts)
The reason why? While lawmakers, politicians and corporate heads couldn't give less of a shit about the average joe's privacy, they know that it's increasingly difficult even for them and their own families to stay private from too-pervasive, intrusive data collection, and they also now see ever more often just how near impossible it is to make said data stay secure from mass public leaks. Oops... Their own "optimization" obsessed nosiness maybe biting them back bit by bit.
It would be perversely amusing to see the head of some bullshit ad tracking firm, or bottom-feeding user data reseller, or the head of a snooping social network have their own dirty laundry leaked all over the web for all to see.
The reason why? While lawmakers, politicians and corporate heads couldn't give less of a shit about the average joe's privacy, they know that it's increasingly difficult even for them and their own families to stay private from too-pervasive, intrusive data collection, and they also now see ever more often just how near impossible it is to make said data stay secure from mass public leaks. Oops... Their own "optimization" obsessed nosiness maybe biting them back bit by bit.
It would be perversely amusing to see the head of some bullshit ad tracking firm, or bottom-feeding user data reseller, or the head of a snooping social network have their own dirty laundry leaked all over the web for all to see.
Another one?
Didn't this also happen last month? (https://www.zdnet.com/article/data-of-243-million-brazilians...)
Didn't this also happen last month? (https://www.zdnet.com/article/data-of-243-million-brazilians...)
Brazilian here. Same leak. New info suggest that the files contained far more info than previously thought.
Yep, another one. This time it's from a Credit bureau.
CPF is not a big deal, but if I read it correctly, you can basically search people/companies based on license plates, which is a big deal.
It's much worse than that. The leak contains dozens of datasets (relatives, addresses, jobs (+ linkedin), schools, vehicles, income, debts, pictures of faces, companies).
Has anyone calculated at the current rate of leaks how long would it take for every human on earth to be in some of these lists?
I treat my face, name, birthday and numbers as open data.
Maybe companies should stop using these things for verification and start allowing people to use cryptography more efficiently.
Maybe companies should stop using these things for verification and start allowing people to use cryptography more efficiently.
I treat my face, name, birthday and numbers as open data.
So because you don't value privacy and choose not to control you personal data, nobody else deserves privacy or to control their personal data?
So because you don't value privacy and choose not to control you personal data, nobody else deserves privacy or to control their personal data?
I don’t believe that the phone book was an immoral institution, no. Or the county register of deeds, or the vital statistics office, or the school directory, or the voter registration rolls, or the court records.
Privacy is important, there are things that must be kept confidential, but the basic facts of a person’s existence are not necessarily among them.
Privacy is important, there are things that must be kept confidential, but the basic facts of a person’s existence are not necessarily among them.
Phone directories permitted opting out (unlisted numbers), as well as obscured address or name.
No, I didn’t say that. It’s not about deserving....people don’t have privacy, it’s better to adapt to it.
There are lots of things in our lives that we don’t deserve but we have to deal with.
I keep some data extremely securely, just not the data that I think will get out anyways.
There are lots of things in our lives that we don’t deserve but we have to deal with.
I keep some data extremely securely, just not the data that I think will get out anyways.
He will change his mind when he realize that the information his bank uses to verify his identify is part of his open data now...
I keep most of my wealth in places where physical verification is needed. Good luck stealing all the money on my bank accounts, I don’t really care.
I can just imagine the future: Instead of reading stories of Identity Theft, we'll read about people getting locked out of their identity .. like the folks today who lose their Bitcoin keys.
"Of course, you can always pay a recovery company to get your identity back. But, that's expensive--more than most people have. The company will do it on credit (if they like your prospects), but then they have title to your identity until you pay them back, which, for many, is a day that never comes. The charges, service fees, garnishments, and interest on the above just add up and up."
Where is this from?
It makes for an effective gloomy sci-fi atmosphere, but does it really make sense? What's stopping someone from starting a better recovery company that actually gets the job done and doesn't do it on credit but for a fee? Incentives are not aligned if I have to pay interest because then the company has no reason to actually recover the identity
That won't happen until companies are held liable for damages caused by inadequate authentication processes.
If a bank gives a credit card to someone who says they're me, based on only on my SSN, I don't see why that should be my problem. It's between the bank and whomever they gave the card to. If they don't know who they actually gave it, well then it sounds like they need to improve their process.
But it becomes my problem because it's my credit score that gets ruined.
If a bank gives a credit card to someone who says they're me, based on only on my SSN, I don't see why that should be my problem. It's between the bank and whomever they gave the card to. If they don't know who they actually gave it, well then it sounds like they need to improve their process.
But it becomes my problem because it's my credit score that gets ruined.
Everyone has cameras. How a photo of yourself with thumbs up isn’t required is beyond me. It’s extremely easy, and would cut down on a lot of fraud.
Which would mean you're constantly sending a photo of yourself with your thumbs up to people, and it becomes trivial to fake.
I guess it could be "we need a selfie video of you reading this 6 digit number aloud".
I guess it could be "we need a selfie video of you reading this 6 digit number aloud".
...and with a shoe on your head.
Video verification is completely normal at this point
Companies? How about your government? I have a coworker who had returns filed against them by someone in prison! If that does not startle people how about that in some states absentee votes are merely verified against a signature on file.
What we need is a means that others can be sure it really is us and we can sure that actions we have taken are credited to us and those we did not are not.
In effect we will need a system by which we have instant notification; similar to how some CC providers mail or text you each transaction; and historical tracking so that we can prove when we did or did not.
However there are not many unique methods to physically identify people short of dna transfer. I know that people bring up Minority Report whenever facial recognition comes up but that wasn't the tech they used, they used iris recognition.
So we break down each action and assign a value to how secure and verified it must be and work our way up from there. Similar to how self driving cars are defined, on a level of one to five how secure must an action be before its accepted
What we need is a means that others can be sure it really is us and we can sure that actions we have taken are credited to us and those we did not are not.
In effect we will need a system by which we have instant notification; similar to how some CC providers mail or text you each transaction; and historical tracking so that we can prove when we did or did not.
However there are not many unique methods to physically identify people short of dna transfer. I know that people bring up Minority Report whenever facial recognition comes up but that wasn't the tech they used, they used iris recognition.
So we break down each action and assign a value to how secure and verified it must be and work our way up from there. Similar to how self driving cars are defined, on a level of one to five how secure must an action be before its accepted
I don’t see much difference between companies and governments, that’s why having an authentication standard that is accepted by all of them (and users as well) is important.
It doesn't really work like that. Some humans are likely completely off grid and not on record anywhere.
Some humans are likely completely off grid and not on record anywhere.
Quite a few, including a good percentage of my relatives.
One is particularly good at it. Aside from the wages his employer reports to the federal government, property ownership records, and an SSN, he simply doesn't exist.
His get paid each week in cash. Doesn't have a bank account or credit card. Because of his lifestyle and the type of vehicle he uses, he doesn't need a driver's license, registration, or insurance. His home has solar panels, a propane generator, and a well, so no utilities. I don't know what he does about trash service, but having seen the town, I wouldn't be surprised if it's still legal to burn your garbage on your property.
He's happy. Not paranoid that I can tell. He just lives a simple life where satisfaction comes from reading books and improving his mind, and not from hoarding electronic gadgets and social media thumbs to prove his worth.
Quite a few, including a good percentage of my relatives.
One is particularly good at it. Aside from the wages his employer reports to the federal government, property ownership records, and an SSN, he simply doesn't exist.
His get paid each week in cash. Doesn't have a bank account or credit card. Because of his lifestyle and the type of vehicle he uses, he doesn't need a driver's license, registration, or insurance. His home has solar panels, a propane generator, and a well, so no utilities. I don't know what he does about trash service, but having seen the town, I wouldn't be surprised if it's still legal to burn your garbage on your property.
He's happy. Not paranoid that I can tell. He just lives a simple life where satisfaction comes from reading books and improving his mind, and not from hoarding electronic gadgets and social media thumbs to prove his worth.
Any day now. I guess we will have a global info system a-la Hyperion with zero privacy. It will be suspicious to be absent from such a system instead.
I would guess "some time around 2012".
I wonder if at a certain point the value of data falls simply because so much is leaked illegally online
Articles about breaches rarely if ever contain a link to the actual data. I'm left trusting the journalist, who may or may not be tech literate. Even a random sampling of the records would be more illustrative than anything these bloggers post about.
So, CPF is not really a big deal, but I think here you can map cars based on license plates to persons and companies. Think about it.
Suggested editorialization:
"Nation wide Brazilian exposes privates"
"Nation wide Brazilian exposes privates"
[deleted]
Sheesh!
Welcome to the future
Url changed from https://www.databreaches.net/giant-leak-exposes-data-from-al..., which points to this.
atbpaca(2)
I'm so proud of my country, we just got the goal, time to double it.
And If you ask the politicians to improve security, they will probably say "put 2 more security guard outside the building".
And If you ask the politicians to improve security, they will probably say "put 2 more security guard outside the building".
[1] https://tecnoblog.net/404838/exclusivo-vazamento-que-expos-2...