Criminals have perfected the art of taking over dead peoples' online accounts

When you die, your relatives will be sad and (depending on the circumstances of your death) possibly left scrambling to make arrangements for your remains, effects, and estate. Read the rest

Defective Comcast security exposes 26.5m customers' partial Social Security Numbers and addresses

Comcast Xfininty's login page had an easily found bug that allowed anyone to gain access to the partial Social Security Numbers and partial home addresses of over 26.5 million customers. Read the rest

Two sitting Senators were among the people whose identities were stolen in FCC comments from anti-Net Neutrality bots

Trump's FCC Chairman Ajit Pai was so determined to ram through a Net Neutrality repeal that he ignored the fact that the FCC's public comment inbox was flooded with fake comments from anti-Net Neutrality bots -- at least a million of them -- who indiscriminately stole identities from the dead and alive alike (Pai said he'd treat these fake comments with the same weight that he gave to comments from humans, refusing to help law enforcement track down the botmasters, so that the Congressional Budget Office had to step in). Read the rest

Equifax lets identity thieves raid "frozen" credit reports through its shady, obscure secondary credit bureau

If you've had your identity stolen or if you're worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report. Read the rest

Equifax finally publishes a tally of what got breached when it left 146.6 million credit files unsecured

Ever since the news of the Equifax breach broke last September, we've been waiting for the company to publish an authoritative tally of what, exactly, got breached. Read the rest

Attempted murder by cheesecake for the purpose of identity theft

A Brooklyn resident is lucky to be alive. After allegedly accepting a gift of poisoned cheesecake from Viktoria Nasyrova, she began to feel ill. A friend later found the Brooklyn-ite unconscious and surrounded by scattered pills, as if she had apparently attempted suicide. Rushed to a hospital and survived, remembering only a hovering Nasyrova nearby as she passed out.

Apparently the victim's passport and other critical identification/work enabling paperwork had been stolen from her apartment, and Nasyrova looks an awful lot like the victim. Someone is in custody. Hope it is the right one. Read the rest

Man discovers he has been impersonated on Amazon by a money-launderer selling $555 "books" full of computer-generated word salad

Amazon reported to the IRS that Patrick Reames had made $24,000 selling books on its Createspace self-publishing platform, but Patrick Reames never got a dime of that money; it appears that a money-launderer who had Reames's Social Security Number used a fake book to cash out money from stolen credit cards by buying the garbage book repeatedly and pocketing the 70% from each sale. Read the rest

Fedex bought a company that stored 119,000 pieces of scanned customer IDs in a public Amazon cloud server, shut the company down, left the scans online for anyone to download

Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International. Read the rest

New York Times profiles a sleazy Twitter follower-farm, the sleazy serial liar who made millions on it, and the celebs, politicians, sports figures and "influencers" who paid him

Devumi is a sleazy Twitter-bot farm founded by German Calas, a serial liar who buys wholesale Twitter bots from even scummier bottom-feeders than him, and pays a series of low-waged patsies to direct them to follow people who want to seem more popular and influential than their actual Twitter follower-count suggests. Read the rest

Wired releases a surveillance self-defense guide

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated. Read the rest

Democratic Senators propose federal breach disclosure law with 5-year prison sentences for covering up data-loss

The Data Security and Breach Notification Act (S2179) was introduced by three Senate Commerce Committee Democrats, Bill Nelson [D-FL], Richard Blumenthal [D-CT] and Tammy Baldwin [D-WI] in the wake of the revelation that Uber hid a breach involving 50,000,000 riders and 7,000,000 drivers for over a year after paying hush-money to the criminals who stole the data. Read the rest

Once you have a student's name, birthday and SSN, the US Department of Education will give you EVERYTHING else

The US Department of Education's Free Application for Federal Student Aid program requires any student applying for federal aid for college or university to turn over an enormous amount of compromising personal information, including current and previous addresses, driver's license numbers, Green Card numbers, marital details, drug convictions, educational history, tax return details, total cash/savings/checking balances, net worth of all investments, child support received, veterans' benefits, children's details, homelessness status, parents details including SSNs, and much, much more. Read the rest

Motherboard's excellent, accessible guide to internet security

The Motherboard Guide To Not Getting Hacked is an excellent adjunct to existing guides (I like EFF's Surveillance Self-Defense and The Cryptoparty Handbook) to defending yourself against criminals, stalkers, cops, and other potential intruders into your digital life. Read the rest

A quantitative analysis of doxing: who gets doxed, and how can we detect doxing automatically?

A group of NYU and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London presenting their findings in a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being Americann, male, gamers, and in their early 20s), why they get doxed ("revenge" and "justice") and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly. Read the rest

Woman blames 15 identity thefts on Equifax breach

Katie Van Fleet has suffered 15 identity thefts since the Equifax breach and she believes the criminals who've targeted her are using information from the breach to open credit cards in her name; she's started a class-action suit against Equifax. Read the rest

Equifax will give your salary history to anyone with your SSN and date of birth

Equifax division TALX has a product called The Work Number, where prospective employers can verify job applicants' work history and previous salaries (it's also used by mortgage lenders and others): you can create an account on this system in anyone's name, provided you have their date of birth and Social Security Number. The former is a matter of public record, the latter is often available thanks to the many breaches that have dumped millions of SSNs (the latest being Equifax's catastrophic breach of 145,000,000 Americans' data). Read the rest

Predictably, Wells Fargo loves Equifax and suggests investing heavily in the company

Wells Fargo analyst William Warmington Jr has upgraded shares in Equifax to "outperform," predicting that the company will bounce back from the 30% haircut its market cap took when it was revealed that the firm committed the worst commercial data-crime in world history and then twiddled its thumbs for a couple of months before telling anyone and then allowing its CEO to resign. Read the rest

More posts