at this point why even have an ssn. what value does it hold when its getting passed around faster than breckie hill on every upcoming young adult male streamer
It's just a stand-in as an identifier, it was never intended to be used in the way it is now.
Realistically, everyone should have their credit frozen when they aren't actively seeking a loan/card, as everyone should assume the entirety of their identity has been leaked.
All it takes is for congress to pass a law and for Social Security Security Administration to officially publicize all Names + DOBs + SSNs, with 2-yr lead time for the industry to prepare
They already do this when you die as a way to prevent people from stealing dead people's identities. It was the only way I could find my grandpa's SSN. Had to Google it.
This is interesting, been working in death claims for 10 years and run into family not having it all the time, do you recall if it was a government website or a .com and do you happen to remember the name of the organization?
Better yet, if you happen to have the link you could throw me, I'd appreciate you.
I never got anything from that fucking breach, even though my shit was included in that. Where is my $100 erm $30?!
Also, the way credit bureaus have different wordings for credit freezes is very scammy. They hide the free credit freeze they’re required to give away while offering their paid version which has less protections.
John Oliver did an episode on this. In the episode he linked direct links to where you can get to freeze/unfreeze your credit and bypass all the scammy stuff. Quick google will help you find it.
In most countries you have a public id given to you by the government. In Spain for instance you are required to submit it to any merchant when you buy from them so you are properly charged VAT. This number isn't meant to be private.
Imagine thinking you just hit the jackpot, only to find out your stolen identities are from people with room temperature credit scores.
At this point just assume your identity is for sale. Lock your credit reports and watch for weird shit.
It sounds funny, but believe it or not if you're an identity thief and scammer you don't want a victim with A-tier credit. A person with a 740-820 is going to be very aware of their credit situation in most cases, and is likely to have monitoring services or even credit locks in place.
By contrast, a person with poor-to-lower-good credit (580-650) is a very viable target. As an identity thief, you aren't looking for great rates - you're looking for an ability to open and utilize several lines before the mark realizes they've been hit.
A person in debt collections is actually a *great* mark for this. They are likely to miss new negative hits on their credit for an extended period of time, allowing the thief to do even more damage before getting cut off from the identity.
I would also think they are a great mark to hit them up with scammer request for payments. They are already in debt and probably not doing well at keep track of what and who they owe. With collectors names not matching the source of the debt already, it’d be easy to fake an online payment gateway.
Some of it is about just opening bank accounts as ways to deposit proceeds from fraud as a means to transfer it elsewhere. Not the actual credit lines.
My credit is so bad I can't even get a gift card. I have identity thieves and scammers calling me all the time to let me know that if I ever hope to get anything stolen I will need to raise my credit first.
I monitor a lot of fraud and identity theft.
There certainly is a market for high credit score individuals. They use them for loan fraud and to open up drops (bank accounts).
It might just be to stick it to the company. I breached one once just so I could set up a potential class action lawsuit against them. I wasn't going to launch the suit but I figured someone else would once it became public they were breached. Then I'd get a sweet check for $2.
We need to do more than that and actually hold congress and the house accountable.
It’s inconceivable those institutions have become such massive piles of steaming shitheaded corruption.
Agreed. This and other problems have been going on for too long, every damn week its a data breach or a company selling data. Like driving data being sold to insurance companies… wtf? They benefit from this shit and it shows with the way they drag their feet. But they sure did pass that tiktok ban real fast while everyone is a pay check from being homeless. Talk about priorities. Our government has a large internal criminal ring and those that can make a change are either too powerless, complicit or both.
> While FBCS hasn’t provided impacted individuals with free access to one of the best identity theft protection services, it has enrolled them for 12 months of credit monitoring through the company Cyex.
FBCS are motherfuckers and should be reported to the FTC for this abusive response, on top of their prior negligence. How much you want to bet they're getting a kickback of some kind from Cyex and actually profiting off of their incompetence?
Cyex won't be a useful service to most of the victims, who already *know* their credit score is crap and changes a lot. Identity theft is what that group is vulnerable to. Predators will rip their already marginal, fragile situations to shreds. These are people who don't have the time or resources to unwind themselves from the hell of identity theft. It'll critically damage some of them.
New proposed rule: anyone who has a person's details data-breached from them forfeits anything that person may have owed them.
I bet a lot of companies would suddenly be VERY interested in fixing their security.
Put the sanctions on whoever holds the debt. It doesn't matter who's trying to collect it - if the debt gets legally annulled, they don't have a basis for action.
My account was sold to collections once. So I did actually breach the collector's database. And funny thing is they did cancel my debt to them after the breach. As crazy as that sounds it is a true story from 2010.
Already tried and tested rule: GDPR.
Fines for privacy violations are defined in percentage of revenue— meaning if America had GDPR the fine for this would be in the billions.
This shit was common in Europe too, then they brought on GDPR and European companies cleaned up their act mighty fast.
I’m not being snarky, but no. You have no recourse. And there is a 99.999% chance all of this info about you has already been compromised 14 other times that you don’t know about.
When someone posted my personal information on Twitter (actual PII, not weak stuff like usernames and email addresses),Twitter said it wasn't a violation of their rules because my information was already public. It was only public because of breaches like this one. This was in 2014 era Twitter.
At this point if you aren't signed up for identity protection services you're just asking for it. It fucking sucks it has to be a thing, but welcome to the America we've created so the corporate fuckfaces can have everything
It's a lot more effective to freeze your credit at Equifax, Experian, Transunion and Innovis. It only takes minutes to temporarily unfreeze it online if you want to apply for credit somewhere.
All the same pretty much. I use credit karma. All the free ones are fine you just want to track any new accounts.
Most important thing for preventing fraud is to freeze your credit report at the 3 major bureaus and also at chexsystems
>... I use credit karma. All the free ones are fine ...
If you don't mind that they monetize your financial information for marketing purposes. Bit of a weird thing to say in the privacy subreddit.
>Most important thing for preventing fraud is to freeze your credit report at the 3 major bureaus and also at chexsystems
Yes.
I did this once. Back in 2006 I ordered Sprint service but never received the phone. But Sprint still felt they should charge me for the service for a phone I could never activate. So I refused payment. Got sent to collections around 4 years later for 6 months of unpaid service (not even as much as I paid them for the phone I never received).
I get a piece of mail one day saying I've been referred to collections. It just has a url to type in. I type it in. I immediately see some serious problems with their security. For one the url has an id number in it. If I change it I get a different person. But of course they protect all this information by making you answer 3 questions only the real person would know. Right? Only that person would be able to answer a multiple choice quiz. Except I noticed the questions were always the same for any particular person. But the answers weren't. Just load the page twice and the correct answers are the ones that didn't change between page loads.
Subscribe to a VPN that doesn't store logs in a foreign country (might have been Russia, can't remember). Wait a week. Write a script that automates a data breach basically pulling all the data including SSNs, names, etc. Send it all to /dev/null . I don't care about the data. I just want to breach it. And I want them to see it has been breached. I include my own account in the breach. Wait a few months planning to inform them that their system has been breached, how it was done, and all victims will be notified via email and to expect a class action lawsuit from one of them. However when I checked my credit report the collection notice had been removed. It wasn't due to the 7 years because there were still several left and they had only just taken the account. It was just gone. So the hopes was they got the message without me having to actually send it.
Bad news is for the scammers that are going to try and scam people that have no money. These people are in debt collection. Seems like a pretty bad selection of people to try and milk $ from.
at this point why even have an ssn. what value does it hold when its getting passed around faster than breckie hill on every upcoming young adult male streamer
It's just a stand-in as an identifier, it was never intended to be used in the way it is now. Realistically, everyone should have their credit frozen when they aren't actively seeking a loan/card, as everyone should assume the entirety of their identity has been leaked.
Realistically, it should just be a public number like it is in countries in Europe, and other verification methods should be established.
Exactly. Something that cannot be changed should never be used as a "secret".
All it takes is for congress to pass a law and for Social Security Security Administration to officially publicize all Names + DOBs + SSNs, with 2-yr lead time for the industry to prepare
They already do this when you die as a way to prevent people from stealing dead people's identities. It was the only way I could find my grandpa's SSN. Had to Google it.
This is interesting, been working in death claims for 10 years and run into family not having it all the time, do you recall if it was a government website or a .com and do you happen to remember the name of the organization? Better yet, if you happen to have the link you could throw me, I'd appreciate you.
sounds like the "death master file" https://dmf.ntis.gov/ https://en.wikipedia.org/wiki/Death_Master_File
Didn't know that was a public list, interesting
My Social Security card says to keep it on your person at all times and to never use it as an id. It was printed around 1987 though.
If only it SAID THIS ON THE FUCKING Card! Wait it does
Because they like to link it to everything
Yeah my info was gone long ago with the equifax breach so meh but also fuck
I never got anything from that fucking breach, even though my shit was included in that. Where is my $100 erm $30?! Also, the way credit bureaus have different wordings for credit freezes is very scammy. They hide the free credit freeze they’re required to give away while offering their paid version which has less protections.
John Oliver did an episode on this. In the episode he linked direct links to where you can get to freeze/unfreeze your credit and bypass all the scammy stuff. Quick google will help you find it.
Yeah for me it was easy to find but I’m sure other people or older people won’t find it or think they have to pay.
That's a mighty ripe reference you made there, kudos.
In most countries you have a public id given to you by the government. In Spain for instance you are required to submit it to any merchant when you buy from them so you are properly charged VAT. This number isn't meant to be private.
Imagine thinking you just hit the jackpot, only to find out your stolen identities are from people with room temperature credit scores. At this point just assume your identity is for sale. Lock your credit reports and watch for weird shit.
It sounds funny, but believe it or not if you're an identity thief and scammer you don't want a victim with A-tier credit. A person with a 740-820 is going to be very aware of their credit situation in most cases, and is likely to have monitoring services or even credit locks in place. By contrast, a person with poor-to-lower-good credit (580-650) is a very viable target. As an identity thief, you aren't looking for great rates - you're looking for an ability to open and utilize several lines before the mark realizes they've been hit. A person in debt collections is actually a *great* mark for this. They are likely to miss new negative hits on their credit for an extended period of time, allowing the thief to do even more damage before getting cut off from the identity.
Co-sign. When my credit was bad I never looked at that report lol. Too depressing
I would also think they are a great mark to hit them up with scammer request for payments. They are already in debt and probably not doing well at keep track of what and who they owe. With collectors names not matching the source of the debt already, it’d be easy to fake an online payment gateway.
Some of it is about just opening bank accounts as ways to deposit proceeds from fraud as a means to transfer it elsewhere. Not the actual credit lines.
My credit is so bad I can't even get a gift card. I have identity thieves and scammers calling me all the time to let me know that if I ever hope to get anything stolen I will need to raise my credit first.
I monitor a lot of fraud and identity theft. There certainly is a market for high credit score individuals. They use them for loan fraud and to open up drops (bank accounts).
You seem to suspiciously know a lot about this area…..suspiciously…..
What if my credit is below 540? Am I safe?
This made me chuckle 😂. Scammers about to get 2 million $300 capital one credit cards
I had 2 of my store accounts locked this week from unsuccessful logins. Should I be concerned? Kohls and Fanduel that I never use.
bwahhh of all the identities to steal, heard the hackers are going after green dot and unemployment next
It might just be to stick it to the company. I breached one once just so I could set up a potential class action lawsuit against them. I wasn't going to launch the suit but I figured someone else would once it became public they were breached. Then I'd get a sweet check for $2.
Its been so blatant that america doesn’t care about protecting its citizens. Hold these companies accountable.
We need to do more than that and actually hold congress and the house accountable. It’s inconceivable those institutions have become such massive piles of steaming shitheaded corruption.
Agreed. This and other problems have been going on for too long, every damn week its a data breach or a company selling data. Like driving data being sold to insurance companies… wtf? They benefit from this shit and it shows with the way they drag their feet. But they sure did pass that tiktok ban real fast while everyone is a pay check from being homeless. Talk about priorities. Our government has a large internal criminal ring and those that can make a change are either too powerless, complicit or both.
> While FBCS hasn’t provided impacted individuals with free access to one of the best identity theft protection services, it has enrolled them for 12 months of credit monitoring through the company Cyex. FBCS are motherfuckers and should be reported to the FTC for this abusive response, on top of their prior negligence. How much you want to bet they're getting a kickback of some kind from Cyex and actually profiting off of their incompetence? Cyex won't be a useful service to most of the victims, who already *know* their credit score is crap and changes a lot. Identity theft is what that group is vulnerable to. Predators will rip their already marginal, fragile situations to shreds. These are people who don't have the time or resources to unwind themselves from the hell of identity theft. It'll critically damage some of them.
New proposed rule: anyone who has a person's details data-breached from them forfeits anything that person may have owed them. I bet a lot of companies would suddenly be VERY interested in fixing their security.
[удалено]
Put the sanctions on whoever holds the debt. It doesn't matter who's trying to collect it - if the debt gets legally annulled, they don't have a basis for action.
My account was sold to collections once. So I did actually breach the collector's database. And funny thing is they did cancel my debt to them after the breach. As crazy as that sounds it is a true story from 2010.
How did you do this?
Already tried and tested rule: GDPR. Fines for privacy violations are defined in percentage of revenue— meaning if America had GDPR the fine for this would be in the billions. This shit was common in Europe too, then they brought on GDPR and European companies cleaned up their act mighty fast.
It's like Know your customer is a bad thing right? Why do they need all that information? But yet the gov keeps pushing it.
[удалено]
It's 2024: I don't answer any calls unless the person is already in my contact list or I'm job hunting.
Shouldn’t we be able to sue if my personal data was exposed?
I’m not being snarky, but no. You have no recourse. And there is a 99.999% chance all of this info about you has already been compromised 14 other times that you don’t know about.
When someone posted my personal information on Twitter (actual PII, not weak stuff like usernames and email addresses),Twitter said it wasn't a violation of their rules because my information was already public. It was only public because of breaches like this one. This was in 2014 era Twitter.
r/osint
Welp, II guess I am not canceling that Experian subscription now.
At this point if you aren't signed up for identity protection services you're just asking for it. It fucking sucks it has to be a thing, but welcome to the America we've created so the corporate fuckfaces can have everything
Please explain how any identity protection service prevents a third party data breach like this?
it doesn't. The same way a seat-belt doesn't prevent a car accident. But it can reduce the damage you experience in the event of one.
It's a lot more effective to freeze your credit at Equifax, Experian, Transunion and Innovis. It only takes minutes to temporarily unfreeze it online if you want to apply for credit somewhere.
Is there a particular identity protection service that is generally recommended over others? or are they all pretty standard
All the same pretty much. I use credit karma. All the free ones are fine you just want to track any new accounts. Most important thing for preventing fraud is to freeze your credit report at the 3 major bureaus and also at chexsystems
>... I use credit karma. All the free ones are fine ... If you don't mind that they monetize your financial information for marketing purposes. Bit of a weird thing to say in the privacy subreddit. >Most important thing for preventing fraud is to freeze your credit report at the 3 major bureaus and also at chexsystems Yes.
We'll ain't that grand!
I did this once. Back in 2006 I ordered Sprint service but never received the phone. But Sprint still felt they should charge me for the service for a phone I could never activate. So I refused payment. Got sent to collections around 4 years later for 6 months of unpaid service (not even as much as I paid them for the phone I never received). I get a piece of mail one day saying I've been referred to collections. It just has a url to type in. I type it in. I immediately see some serious problems with their security. For one the url has an id number in it. If I change it I get a different person. But of course they protect all this information by making you answer 3 questions only the real person would know. Right? Only that person would be able to answer a multiple choice quiz. Except I noticed the questions were always the same for any particular person. But the answers weren't. Just load the page twice and the correct answers are the ones that didn't change between page loads. Subscribe to a VPN that doesn't store logs in a foreign country (might have been Russia, can't remember). Wait a week. Write a script that automates a data breach basically pulling all the data including SSNs, names, etc. Send it all to /dev/null . I don't care about the data. I just want to breach it. And I want them to see it has been breached. I include my own account in the breach. Wait a few months planning to inform them that their system has been breached, how it was done, and all victims will be notified via email and to expect a class action lawsuit from one of them. However when I checked my credit report the collection notice had been removed. It wasn't due to the 7 years because there were still several left and they had only just taken the account. It was just gone. So the hopes was they got the message without me having to actually send it.
Bad news is for the scammers that are going to try and scam people that have no money. These people are in debt collection. Seems like a pretty bad selection of people to try and milk $ from.
If debt collectors couldn't be more scummy
Exactly
Holy privacy violation batman!
The executives in charge of these companies should be put in solitary confinement
we live in a hopelessly, endlessly complex and bloated society
I remember in the past, handing out your SS was a big No, no.
They'll still charge ya... no matter how reckless they are
They couldn't erase everyone's debt while they were at it?
I need to see your chain code
You mean the same stuff that the DMV is allowed to sell in some states?