It’s almost like letting companies hold sensitive information, who don’t give a fuck and/or don’t have a clue, is a bad thing.
Woah there! What are ya; one o’ them filthy pinkos?
This is the best summary I could come up with:
A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet.
Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to Zhefengle, a China-based e-commerce store for importing goods from overseas.
The database contained more than 3.3 million orders spanning 2015 through 2020, Markopoulos said, but had not been protected with a password.
Many of the orders also include uploaded copies of the customer’s identity card, TechCrunch has seen.
Anyone who knew the IP address of the database could access the data inside using only their web browser.
TechCrunch contacted the owners of the online store with details about the exposed database.
The original article contains 212 words, the summary contains 121 words. Saved 43%. I’m a bot and I’m open source!
In Sweden IDs are public domain! Easiest way to find out the social security number of someone is if you know their name and/or address. Stalker’s paradise.
btw Ukraine has a huge open data platform; basically if you know someone’s name or even just a phone number, their address is likely in one of those public domain multi-gigabyte json files, together with some miscellaneous info like crime history, parents and list of government progams.
Unfortunately only expired ids are public.That’s terrible. I don’t understand why governments do that.
SSNa were supposed to not be sensitive info in the US as well, but in practice they were used as such.
Oh it’s much worse than just the SSNs. Thankfully you can’t do much with SSNs alone, though you totally can with some social engineering, or offical looking documents. There are people that have legally died because death certificates have been filed on them, from non-existing doctors. Legally died as in the person is very much still alive. That kind of thing is a fucking mess to fix.
The thing is, if you knew my name, or my address and age, you’d be able to find out crazy details about me.
- My birth date
- My full name
- My social security number
- Which apartment I live in
- Directions my apartment from the building entrance
- How large my apartment is
- How many rooms it has
- When I moved in
- My criminal record
- Which schools I’ve attended
- Where I’ve worked
- What I’ve studied
- Who my current employer is
- If I have a spouse, if so who they are and all of this info about them
- My yearly income
- The average income of the people in my area
- All of this information about everyone in my building
- If I own any vehicles
- If so what model, make, and lit. everything about it (purchase date, approx value, when it was last serviced, odometer settings)
- Which animals I have registered on my name
- Their name, sex, breed, and age
Like it’s extensive and there are websites that are built to collate all this information under one roof, then have people pay to access parts of it. You can access this info through official means for free but it won’t be neatly presented in a singular packet. I’ve also left out a lot of stuff, like my company ownership/board member status, if I’ve been politically engaged, etc. The list was getting too long.