182 points

A complaint submitted to the US District Court for the Southern District of Florida claims the exposed personal data belongs to a public records data provider named National Public Data, which specializes in background checks and fraud prevention.

What’s with these companies nobody has heard of causing massive fuck ups?

permalink
report
reply
93 points

It’s capitalism. Do you hate America or something?

permalink
report
parent
reply
19 points
*

Do you hate America or something?

Everyone hates US politics. Even people from the US hate it.

permalink
report
parent
reply
71 points

Because companies you’ve never heard of are the ones doing the infrastructure and data warehousing for the public-facing companies you have heard of.

permalink
report
parent
reply
28 points

Seems like a good way to have an infosec weak spot…oh…

permalink
report
parent
reply
175 points

The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years, Social Security Numbers, and more, was stolen from National Public Data by a cybercriminal group that goes by the name USDoD. The complaint goes on to explain that the hackers then tried to sell this huge collection of personal data on the dark web to the tune of $3.5 million. It’s worth noting that due to the sheer number of people affected, this data likely comes from both the U.S. and other countries around the world.

What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.

What exactly makes this company so different from the hacking group that breached them? Why should they be treated differently?

permalink
report
reply
30 points

I feel like that might be bad phrasing on the part of the article. They mainly aggregate public records, like legal document style public records, and they also scrapped data from not-(public record) data, which isn’t the same as (not-public) record data.

I feel like I would want more details to be sure though, but scrapping usually refers to “generally available” data.

permalink
report
parent
reply
4 points

That all depends. If they’re pulling that private data for use in questionnaires, the terms may not allow them to save it, but they scrape it from the form.

permalink
report
parent
reply
2 points

Yeah, it definitely might still be a bad data source,and it’s shady either way, just pointing out that “not public data” has a few meanings, and not all of them are synonymous with “private data”.

permalink
report
parent
reply
17 points

Same with the big three credit reporting bureaus Equifax and whoever the fuck. Did anyone ever give them permission to horde all of their personal info? I don’t think so.

permalink
report
parent
reply
3 points

All depends on the terms of use from those that provide the data to them that they scraped from. I bet they never expected a customer to do it.

permalink
report
parent
reply
121 points

Oh well I feel at this point every man woman and child already had this done to them in United States and our government not doing shit about it.

permalink
report
reply
82 points

Stack on another “Free monitoring, 2 years”

permalink
report
parent
reply
26 points

Just got this bullshit offer from Ticketmaster for one of their breaches and they are only offering 1 year free credit monitoring.

permalink
report
parent
reply
38 points

I read “free credit monitoring” as allowing your name to get on another list to be sold.

permalink
report
parent
reply

It’s better than the previous class action which got you nothing but a slight discount on a future Ticketmaster purchase to a very select number of concerts.

permalink
report
parent
reply
4 points

If I get to use them consecutively, I’m good for a few lifetimes.

permalink
report
parent
reply
3 points

What if this was just a scheme to get everyone free monitoring

permalink
report
parent
reply
1 point

whoa

permalink
report
parent
reply
1 point
Deleted by creator
permalink
report
parent
reply
11 points

This one is way more than just the US.

permalink
report
parent
reply
4 points
*
Deleted by creator
permalink
report
parent
reply
2 points

Hi Steve. Have you heard from Tom? Been a while.

permalink
report
parent
reply
2 points
*
Deleted by creator
permalink
report
parent
reply
108 points

With a breach of this size, I think we’re officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.

permalink
report
reply
35 points

Private keys for everyone.

permalink
report
parent
reply
9 points

You get a private key! And you get a private key! And you get a private key!

permalink
report
parent
reply
5 points

Indian accent: Hello, this is Microsoft support. Your private key is being hacked and you need to give it to us immediately for safe keeping.

WCGW?

permalink
report
parent
reply
29 points

We have different authentication methods. The hard bit is persuading people to use them.

permalink
report
parent
reply
2 points

Before people can be persuaded to use them, we have to persuade or force the companies and sites to support them.

permalink
report
parent
reply
10 points

Passkeys. They’re amazing.

permalink
report
parent
reply
9 points
*

Tying a password to a browser or device isn’t going to make it any easier. Use a password manager and set unique string passwords for everything. If the app supports it, use FIDO physical keys instead of Passkeys

permalink
report
parent
reply
8 points

Even better would be to use certificates instead of passwords. What if every website gave you a certificate signed by them, and you store that in your password manager automatically.

Maybe that’s what passkeys are… Haven’t read up on them at all.

permalink
report
parent
reply
4 points

… passkeys basically do all this without you having to know how. Your device /is/ the physical key and /you/ are the secondary auth. It honestly doesn’t get any easier for the user.

permalink
report
parent
reply
5 points

Until you realize Apple allows the iPhone to airdrop them. Ugh.

permalink
report
parent
reply
3 points

Pirate keys for sure. Not using one is just asking for a stranger to grab your booty.

permalink
report
parent
reply
6 points

I want a stranger to grab my ass sometime

permalink
report
parent
reply
2 points

But I enjoy a booty grabbing.

permalink
report
parent
reply
1 point

Pirate keys for sure.

Arrr… SA to ye all!

permalink
report
parent
reply
1 point
*

Start using Yubikeys and telling companies that don’t support them to support them.

permalink
report
parent
reply
58 points

And again they will fail to punish the company responsible for protecting this data for their criminal neglience.

permalink
report
reply
17 points

Because that might damage shareholder value

permalink
report
parent
reply
16 points

It really should. The shareholders did profit from not investing in security until the incident. Let them suffer.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 15K

    Monthly active users

  • 6.8K

    Posts

  • 155K

    Comments