There had been so many reports similar to this one in the last few years, that at this point we should all assume that at least some of our private information has been compromised.
selfdestructingin5 on
Did anyone read the article? I did and I’m still very confused…
They say researchers contacted them and the vulnerability was fixed the next day.
Then the company that had the vulnerability was contacted for a comment and they essentially said “we did a review and found neither us nor our partners were ever vulnerable. We asked the ethical hacker for proof there was a vulnerability and they said give them money for the proof, so we think it was a ransom related incident.”
Then this article keeps recommending various antivirus software and tools to use.
AOL.com too?
Not saying it didn’t happen, but I’m very confused.
This whole article is weird as hell and seems off.
adudeguyman on
Why even bother keeping things secure anymore
Awkward-Sun5423 on
IDMerit.
Saved you a click
Time-Industry-1364 on
Aaannndddd this is why I’m not uploading shit like this to a website.
tingulz on
Another reason age verification for websites is an idiotic idea.
ScottyNuttz on
I’ll be dead before I run out of compensatory years of free identity theft detection services… I’ve gotten so many letters from companies I’ve never heard of apologizing for data breaches and offering me “a year of identity theft protection”. The last thing I want is to have some other company monitoring my identity too.
bikeking8 on
Because it was a good idea to trust tech bros with anything more valuable than a keyboard.
No_Size9475 on
So we will all get a check for $1.25 five years from now?
citizenjones on
If you can’t secure an individuals personal data then you have no real business asking for it.
TrumpHasCovid on
KYC is a plague upon our safety
True_Manufacturer909 on
At this point I wonder how many overlapping data breaches I’ve even been a part of
Apoc220 on
For those who didn’t read, the company whose data was breached provides identity verification for financial institutions. Not related to id verification for websites.
thrownehwah on
This is pretty much expected these days. Cost cutting by major corporations and the need to shovel all money into stock holders pockets and the C suites? No shyt
xyrnil on
So, basically, everybody? Cool …
Inside-Yak-8815 on
Again?
ChristianWealth on
Every cybercriminal’s dream toolbox, this isn’t minor it’s a privacy nightmare.
awill316 on
cool cool cool cool cool
valuecolor on
This story is basically a fucking AD for Cyberguy newsletter services and this “breach” occurred last year.
MoonlightMadMan on
Bring back the Wild West Internet from before 2007 pls
RichardDr on
The fundamental problem with identity verification services is that they create exactly the kind of honeypot target they’re supposed to protect against.
Think about what these companies collect: government-issued IDs, selfies, biometric data, SSNs, addresses — everything you need for a complete identity theft. And then they store all of it in one place, making it an incredibly high-value target for attackers.
What makes this worse than a typical data breach:
– **You can’t change your biometric data.** If your password leaks, you change it. If your face scan and fingerprint data leak, you’re compromised permanently.
– **This data gets used for synthetic identity fraud**, which is already the fastest-growing type of financial crime. Criminals combine real data points from multiple victims to create entirely new fake identities that pass verification checks.
– **The victims often don’t even know they used this specific service.** Companies requiring ID verification often outsource it to third parties. You think you’re verifying with your bank, but your data is actually sitting on some vendor’s server.
The real question is why we’re still building identity systems that require centralizing this much sensitive data in one place. Decentralized verification approaches exist but the industry has no incentive to adopt them when the cost of a breach falls on consumers, not the company.
Zels0123 on
“Leak” vs just stealing hmm
MadaYuki on
Hey couldn’t they commit voting fraud with leaked id’s?
demongraves on
$12 fine and time served. Next case.
slagmacg on
Phhbt. I’ve been included in dozens of data breaches. I have no respect for any hacker that DOESN’T have my records.
anonyvacy on
you’re making everybody lose privacy because persuading them it’s bad in the first place is more work. great minds think alike God.
macgruff on
Jesus Christ, the company and every VP level to Board members should be stripped of every penny and the funds distributed to each person, then they should be hauled off to jail for ten years.
Fuck this world.
cejmp on
Nobody saw that coming.
HuoLongHeavy on
Imagine a world where our government gave half a fuck about our personal data and actually did something to protect it. I would guess that for the vast majority of people, it’s too late to save anything.
Waterwoo on
Maybe a ton of random services requiring a photo of everyone’s ID (which they’ll definitely delete right after wink wink) is a fucking stupid idea?
BarnabasShrexx on
“The database was not protected by a password. Anyone who knew where to look could access it. Inside were full names, home addresses, postal codes, dates of birth, national ID numbers, phone numbers, email addresses and gender information. Some records also included telecom-related metadata and internal flags that may have referenced past breaches.”
Genius level work IDMerit
NUMBerONEisFIRST on
Didn’t the pedo in chief fire our cyber security team?
35 Comments
That was quick
Oh. my. gosh. who. could. have. ever. guessed. Wowzers
There had been so many reports similar to this one in the last few years, that at this point we should all assume that at least some of our private information has been compromised.
Did anyone read the article? I did and I’m still very confused…
They say researchers contacted them and the vulnerability was fixed the next day.
Then the company that had the vulnerability was contacted for a comment and they essentially said “we did a review and found neither us nor our partners were ever vulnerable. We asked the ethical hacker for proof there was a vulnerability and they said give them money for the proof, so we think it was a ransom related incident.”
Then this article keeps recommending various antivirus software and tools to use.
AOL.com too?
Not saying it didn’t happen, but I’m very confused.
This whole article is weird as hell and seems off.
Why even bother keeping things secure anymore
IDMerit.
Saved you a click
Aaannndddd this is why I’m not uploading shit like this to a website.
Another reason age verification for websites is an idiotic idea.
I’ll be dead before I run out of compensatory years of free identity theft detection services… I’ve gotten so many letters from companies I’ve never heard of apologizing for data breaches and offering me “a year of identity theft protection”. The last thing I want is to have some other company monitoring my identity too.
Because it was a good idea to trust tech bros with anything more valuable than a keyboard.
So we will all get a check for $1.25 five years from now?
If you can’t secure an individuals personal data then you have no real business asking for it.
KYC is a plague upon our safety
At this point I wonder how many overlapping data breaches I’ve even been a part of
For those who didn’t read, the company whose data was breached provides identity verification for financial institutions. Not related to id verification for websites.
This is pretty much expected these days. Cost cutting by major corporations and the need to shovel all money into stock holders pockets and the C suites? No shyt
So, basically, everybody? Cool …
Again?
Every cybercriminal’s dream toolbox, this isn’t minor it’s a privacy nightmare.
cool cool cool cool cool
This story is basically a fucking AD for Cyberguy newsletter services and this “breach” occurred last year.
Bring back the Wild West Internet from before 2007 pls
The fundamental problem with identity verification services is that they create exactly the kind of honeypot target they’re supposed to protect against.
Think about what these companies collect: government-issued IDs, selfies, biometric data, SSNs, addresses — everything you need for a complete identity theft. And then they store all of it in one place, making it an incredibly high-value target for attackers.
What makes this worse than a typical data breach:
– **You can’t change your biometric data.** If your password leaks, you change it. If your face scan and fingerprint data leak, you’re compromised permanently.
– **This data gets used for synthetic identity fraud**, which is already the fastest-growing type of financial crime. Criminals combine real data points from multiple victims to create entirely new fake identities that pass verification checks.
– **The victims often don’t even know they used this specific service.** Companies requiring ID verification often outsource it to third parties. You think you’re verifying with your bank, but your data is actually sitting on some vendor’s server.
The real question is why we’re still building identity systems that require centralizing this much sensitive data in one place. Decentralized verification approaches exist but the industry has no incentive to adopt them when the cost of a breach falls on consumers, not the company.
“Leak” vs just stealing hmm
Hey couldn’t they commit voting fraud with leaked id’s?
$12 fine and time served. Next case.
Phhbt. I’ve been included in dozens of data breaches. I have no respect for any hacker that DOESN’T have my records.
you’re making everybody lose privacy because persuading them it’s bad in the first place is more work. great minds think alike God.
Jesus Christ, the company and every VP level to Board members should be stripped of every penny and the funds distributed to each person, then they should be hauled off to jail for ten years.
Fuck this world.
Nobody saw that coming.
Imagine a world where our government gave half a fuck about our personal data and actually did something to protect it. I would guess that for the vast majority of people, it’s too late to save anything.
Maybe a ton of random services requiring a photo of everyone’s ID (which they’ll definitely delete right after wink wink) is a fucking stupid idea?
“The database was not protected by a password. Anyone who knew where to look could access it. Inside were full names, home addresses, postal codes, dates of birth, national ID numbers, phone numbers, email addresses and gender information. Some records also included telecom-related metadata and internal flags that may have referenced past breaches.”
Genius level work IDMerit
Didn’t the pedo in chief fire our cyber security team?
Of course they were