bilbobaggins

joined 3 months ago
 

You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.

The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of "USDoD" stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).

Based on this class action complaint, NPD's conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans' personal information, they failed to secure the data from hackers.

Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out when creditors call you, demanding that you pay them back (¶60).

So, yeah. I am very concerned. I'll have to figure out how to defend against this identity theft. Overall, I'm new to the privacy community, but I'm feeling like "privacy" in the United States is an absolute mess. If your data wasn't somewhere on the dark web, it might be now. Protect your data. Stay safe.

[email protected] 8 points 2 months ago

Very enlightening read. That service lock-in is so real. I had some passkeys in Google Password Manager (Android) just to try them out, and then wanted to move them to Bitwarden. I had already disabled Google Password Manager on my phone to use Bitwarden. Imagine the headache I had to deal with to move a single passkey over to Bitwarden (really, I deleted one and added one, while dealing with UI hurdles). Until this improves (if ever), I'll probably stick to my passwords and normal 2FA.

[email protected] 11 points 2 months ago (4 children)

Yeah, I noticed incomplete support as well even though I do have Android 14. I opened an incognito tab on my phone to log in to Google with my passkey and it kept asking for my device fingerprint. Not the passkey I saved in Bitwarden. It still logged me in but it wasn't quite right. Feels like Android really wants me to use Google's passkey manager 😓 Hopefully this all changes in the future.

 

A lot of services support passkeys. Microsoft even has an option to make my account "passwordless". Since they are more secure than passwords, will you be switching some / most of your accounts to passkeys any time soon? Interested to hear everyone's thoughts on passkeys. 🔑

[email protected] 2 points 2 months ago

Adding on to what people have said about Bitwarden, it supports passkeys but LastPass still doesn't?! If you want to increase your security even more, then definitely consider passkeys 🔑