22 points

It sounds like a bad breach, and I’m not arguing against that. I just want to point out my doubts that there were ever 2.9 billion Americans since the founding of the nation, let alone since social security numbers became a thing. Maybe if I bothered to read the article, it would make more sense.

permalink
report
reply
5 points

Lol, yeah “National Public Data” has records of over 3 billion people going back 30 years and these people live all over the world, so it seems.

permalink
report
parent
reply
10 points

There’s something like 330 million Americans currently alive, give or take. Social Security began in 1935, so that’s 89 years ago. For the sake of making the math easy for a dumb Lemmy comment, let’s figure the population at the time was two thirds of what it is today at 220 million, and we can figure that within the margin of error virtually all of them are dead. Yes there are some Americans between the ages of 90 and 111 but they likely didn’t have social security numbers as children; the practice of assigning a SSN at birth happened later when they tied it to a tax credit for having kids; at first you got a SSN when you got your first job so anyone who was under the age of 15 or so in 1935 wouldn’t have been given one.

So let’s figure 220 million Americans who have since died, and 330 Americans who are still alive, have held social security numbers. That’s 550 million SSNs total. Rough back of the napkin math.

permalink
report
parent
reply
11 points

Why guess at the 1935 pop instead of just looking it up?

It was about 127 million.

permalink
report
parent
reply
6 points

Because it’s a dumb Lemmy comment.

permalink
report
parent
reply
6 points

The SSN itself is limited to under 1 billion possible permutations anyway because the format is 9 total digits. (3 digits hyphen 2 digits hyphen 4 digits.)

And if I recall they also have something weird with the state you were born roughly corresponding to which 3 digit prefix you’re issued. Obviously that isn’t purely true either because that would only give you about 1 million unique numbers per prefix.

Either way they’ve gotta be close to the theoretical maximum of the format without recycling numbers.

permalink
report
parent
reply
30 points

Okay, but I’m not sure how revelant that is. The article doesn’t say only Americans were affected, it says the exact opposite.

[…] this data likely comes from both the U.S. and other countries around the world.

permalink
report
parent
reply
-4 points

Like I said, I didn’t read the article, but only Americans would have social security numbers.

permalink
report
parent
reply
10 points
*

Social security numbers being involved in a breach does not mean that the breach only affects Americans. Some records might not have an equivalent ID number associated with them at all, and some records could have similar ID numbers from other countries. They also list current address as part of the data leaked but the fact many people don’t have a current address didn’t seem to cause you any confusion. The original source lists “information about relatives”, if that was in this title would you have assumed only people with living relatives were included?

“I didn’t read the article” is a poor excuse when you’re commenting on the believability of the article. What happened here is you saw an article, immediately assumed it was about the US, realised that doesn’t make any sense, then dismissed the article without even bothering to check because the title doesn’t fit the US exclusively. It’s crazy to me that you wouldn’t even consider the fact it’s not an exclusively US-based leak.

permalink
report
parent
reply
5 points

the U.S. and other countries “around the world”

meaning, for those of us living on other planets, we are completely safe … such a relief ! /s

permalink
report
reply
3 points

It’s best to say around the world just so who ever is reading it doesn’t think it region specific.

For example, they could say “the U.S. and other countries in the western hemisphere.”

permalink
report
parent
reply
-1 points

How do you like : “worldwide (including self centered U.S.A.)” 🤣 ?

permalink
report
parent
reply
1 point

The other way works better since National Public Data is based in Florida and because of the name of the company. If it said “International” instead of “National” the readers would assume it is international data.

Based on the location, name of the company, and the breach mentioning social security numbers, stating the US first is the most logical.

permalink
report
parent
reply
121 points

Oh well I feel at this point every man woman and child already had this done to them in United States and our government not doing shit about it.

permalink
report
reply
11 points

This one is way more than just the US.

permalink
report
parent
reply
4 points
*
Deleted by creator
permalink
report
parent
reply
2 points

Hi Steve. Have you heard from Tom? Been a while.

permalink
report
parent
reply
2 points
*
Deleted by creator
permalink
report
parent
reply
82 points

Stack on another “Free monitoring, 2 years”

permalink
report
parent
reply
3 points

What if this was just a scheme to get everyone free monitoring

permalink
report
parent
reply
1 point

whoa

permalink
report
parent
reply
4 points

If I get to use them consecutively, I’m good for a few lifetimes.

permalink
report
parent
reply
1 point
Deleted by creator
permalink
report
parent
reply
26 points

Just got this bullshit offer from Ticketmaster for one of their breaches and they are only offering 1 year free credit monitoring.

permalink
report
parent
reply
38 points

I read “free credit monitoring” as allowing your name to get on another list to be sold.

permalink
report
parent
reply

It’s better than the previous class action which got you nothing but a slight discount on a future Ticketmaster purchase to a very select number of concerts.

permalink
report
parent
reply
36 points

How did this company leak 2.9 billion people’s info, including SSNs, when the population of the US is only ~350M?

Is “National Public Data” collecting info on everyone internationally? So many questions…

permalink
report
reply
7 points

Read the article? Your questions are answered there.

permalink
report
parent
reply
9 points

When applying to a US government position with a certain security clearance, they will do background checks of you, your family and extended family, if need be.

And I’m sure that can be the case for any employer who needs background checks. That being said, I also suspect some of these people in the database are dead.

permalink
report
parent
reply
14 points

I just assume ssn is for a us audience and its worlwide with equivalent numbers but who knows. I mean there are only 8 bil on the planet so thats like everyone except maybe china, india, and africa

permalink
report
parent
reply
39 points

There are only 1 billion SSNs possible with 9 digits, and at most around 350M living people who have them (the US population). This breach is international but SSN is a US thing.

permalink
report
reply
5 points
*

9 digit social security number specifically might be, but a unique number tied to you that is often used as identification when it really shouldn’t isn’t, it’s a shitshow that has been implemented in many countries around the world.
The Finnish version was called an SSN originally for example, though now its a “henkilötunnus”, personal identity code.

https://en.wikipedia.org/wiki/National_identification_number

permalink
report
parent
reply
2 points

Do TINs overlap with SSNs? Because businesses and non-citizen taxpayers have TINs instead of SSNs, but they’re used just the same.

permalink
report
parent
reply
1 point

This I don’t know. I remember reading that around 70%(?) of SSNs have been allocated, and there are enough left for a few decades. No idea whether corporation TINs come from that. I believe non-citizen taxpayers get similar SSNs to citizens. IDK if they pay into social security and collect benefits the same way.

permalink
report
parent
reply
7 points
*

And not all 9-digit numbers are used, so there are fewer than a billion. It sucks when organizations store them because the search space is so small it’s relatively easy to unhash them in a stolen database.

permalink
report
parent
reply
6 points

A lot of businesses use the last 4 digits separately for some purposes, which means that even if it’s salted, you are only getting 110,000 total options, which is trivial to run through.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 15K

    Monthly active users

  • 6.8K

    Posts

  • 155K

    Comments