There is an attempt to satirize, to position oneself on a level of higher understanding than those who are concerned by one of the biggest leaks in history.
It reminds me of when people used to make fun of covid and cough in each others faces before they knew shit was real.
Of course it isn't a list of ssns, it's a list of ssns attached with names and addresses...
So what are we supposed to do about it? Everyone has known for years that SSN's aren't secure or supposed to be used in the manner that they are. Many have been screaming from the rooftops about it. I can't do anything about it, you can't do anything about it. So may as well laugh about it.
not give out your SSN unecessarily. freeze your credit. pay for monitoring service. pay for a service to delete you from other public data sets eg fastpeoplesearch.com.
Depends on the assets that you have or how public of a figure you are really, being targetted for kidnapping, break n enter, or home robbery is no joke. Especially if you have a family.
You need to take the backseat and let the grownups deal with this stuff.
I feel the question on what to do is an interesting one, but a thread that satirizes the problem is not an appropriate venue to resolve that question.
People have warned that ssns arent "secure or supposed to be used in the manner that they are" . What does that even mean, there's been a huge leak, ignore your previous quarrels and respond to the specific incident, nobody cares what people were saying about ssns before, wait for information and respond accordingly.
I guess but there's literally nothing I can do, the data wanted to be free and escaped. Oh well, I'll deal with any fallout as it happens. No sense worrying until the actual bad thing happens, because if it doesn't you worried for nothing.
If anything I'm happy SSN databases keep getting leaked. It furthers the case that identity fraud is the bank's problem and verifying identity by SSN is negligent.
This is a joke, though it might be indicative of the state of software that I totally believed a JavaScript file could exfiltrate the names and security numbers of everyone in the US from some central system.
Yes, this is obviously a joke given that the first file starts with SSNs with prefix 000. That prefix is not used [1]. The only information listed here is what appears to be an enumeration of every possible SSN, without any other related fields.
I am not American, so I don't know the rules of ssn. However, can someone calculate what are the chances I guess a valid ssn, if I know all the ssn rules?
Very good. I don't know all the details but part of the SSN is the hospital ID where you were born, and part of it is time-based. It's just enough that someone trying to drink coffee while perusing the rules won't instantly know everyone's SSN, but a sophisticated actor could probably get someone's SSN down to 100ish guesses.
Until a year or so ago, the Dutch equivalent of the SSN (BSN = Burgerservicenummer = Civilian Service Number), was embedded in the VAT number of freelancers. After much protest it finally got fixed by the Dutch IRS that this sensitive number is no longer embedded in a number that you’re supposed to display on your website and invoices.
This should not be flagged. The author's repo makes a valid point about how we should think about security; satire cannot be labeled and still retain its rhetorical and educative value.
I am disappointed that Hckrnews is missing this man's consistent security work and instead downvoting or flagging, presumably because the headline -- merely the title of the repo -- caused a heart or two to skip a beat.
But isn't that the point? Isn't that something we should think about?
There are only a billion numbers. Counting everyone who has already died since they were introduced, and all the "taxpayer id" numbers that are issued for people who don't have real SSNs, how long until we run out? Or are they already being re-used?
I don't think that's true anymore. I was born in the same state as my wife and we have different 3-digit prefixes. But I agree that there are some rules about the different parts of the number that further constrain the theoretical one billion limit.
