• Chaotic Entropy
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    edit-2
    1 year ago

    It’s almost like letting companies hold sensitive information, who don’t give a fuck and/or don’t have a clue, is a bad thing.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    This is the best summary I could come up with:


    A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet.

    Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to Zhefengle, a China-based e-commerce store for importing goods from overseas.

    The database contained more than 3.3 million orders spanning 2015 through 2020, Markopoulos said, but had not been protected with a password.

    Many of the orders also include uploaded copies of the customer’s identity card, TechCrunch has seen.

    Anyone who knew the IP address of the database could access the data inside using only their web browser.

    TechCrunch contacted the owners of the online store with details about the exposed database.


    The original article contains 212 words, the summary contains 121 words. Saved 43%. I’m a bot and I’m open source!

  • Dojan@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    In Sweden IDs are public domain! Easiest way to find out the social security number of someone is if you know their name and/or address. Stalker’s paradise.

    • voxel@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      btw Ukraine has a huge open data platform; basically if you know someone’s name or even just a phone number, their address is likely in one of those public domain multi-gigabyte json files, together with some miscellaneous info like crime history, parents and list of government progams.
      Unfortunately only expired ids are public.

      • Dojan@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Oh it’s much worse than just the SSNs. Thankfully you can’t do much with SSNs alone, though you totally can with some social engineering, or offical looking documents. There are people that have legally died because death certificates have been filed on them, from non-existing doctors. Legally died as in the person is very much still alive. That kind of thing is a fucking mess to fix.

        The thing is, if you knew my name, or my address and age, you’d be able to find out crazy details about me.

        • My birth date
        • My full name
        • My social security number
        • Which apartment I live in
        • Directions my apartment from the building entrance
        • How large my apartment is
        • How many rooms it has
        • When I moved in
        • My criminal record
        • Which schools I’ve attended
        • Where I’ve worked
        • What I’ve studied
        • Who my current employer is
        • If I have a spouse, if so who they are and all of this info about them
        • My yearly income
        • The average income of the people in my area
        • All of this information about everyone in my building
        • If I own any vehicles
        • If so what model, make, and lit. everything about it (purchase date, approx value, when it was last serviced, odometer settings)
        • Which animals I have registered on my name
        • Their name, sex, breed, and age

        Like it’s extensive and there are websites that are built to collate all this information under one roof, then have people pay to access parts of it. You can access this info through official means for free but it won’t be neatly presented in a singular packet. I’ve also left out a lot of stuff, like my company ownership/board member status, if I’ve been politically engaged, etc. The list was getting too long.