• Chaotic Entropy
    link
    fedilink
    English
    24
    edit-2
    1 year ago

    It’s almost like letting companies hold sensitive information, who don’t give a fuck and/or don’t have a clue, is a bad thing.

  • AutoTL;DRB
    link
    fedilink
    English
    61 year ago

    This is the best summary I could come up with:


    A security researcher said he discovered millions of Chinese citizen identity numbers spilling online after an e-commerce store left its database exposed to the internet.

    Viktor Markopoulos, a security researcher working for CloudDefense.ai, said he found the database belonging to Zhefengle, a China-based e-commerce store for importing goods from overseas.

    The database contained more than 3.3 million orders spanning 2015 through 2020, Markopoulos said, but had not been protected with a password.

    Many of the orders also include uploaded copies of the customer’s identity card, TechCrunch has seen.

    Anyone who knew the IP address of the database could access the data inside using only their web browser.

    TechCrunch contacted the owners of the online store with details about the exposed database.


    The original article contains 212 words, the summary contains 121 words. Saved 43%. I’m a bot and I’m open source!

  • Dojan
    link
    English
    31 year ago

    In Sweden IDs are public domain! Easiest way to find out the social security number of someone is if you know their name and/or address. Stalker’s paradise.

    • voxel
      link
      fedilink
      English
      5
      edit-2
      1 year ago

      btw Ukraine has a huge open data platform; basically if you know someone’s name or even just a phone number, their address is likely in one of those public domain multi-gigabyte json files, together with some miscellaneous info like crime history, parents and list of government progams.
      Unfortunately only expired ids are public.

      • Dojan
        link
        English
        61 year ago

        That’s terrible. I don’t understand why governments do that.

    • @asdfasdfasdf
      link
      English
      31 year ago

      SSNa were supposed to not be sensitive info in the US as well, but in practice they were used as such.

      • Dojan
        link
        English
        11 year ago

        Oh it’s much worse than just the SSNs. Thankfully you can’t do much with SSNs alone, though you totally can with some social engineering, or offical looking documents. There are people that have legally died because death certificates have been filed on them, from non-existing doctors. Legally died as in the person is very much still alive. That kind of thing is a fucking mess to fix.

        The thing is, if you knew my name, or my address and age, you’d be able to find out crazy details about me.

        • My birth date
        • My full name
        • My social security number
        • Which apartment I live in
        • Directions my apartment from the building entrance
        • How large my apartment is
        • How many rooms it has
        • When I moved in
        • My criminal record
        • Which schools I’ve attended
        • Where I’ve worked
        • What I’ve studied
        • Who my current employer is
        • If I have a spouse, if so who they are and all of this info about them
        • My yearly income
        • The average income of the people in my area
        • All of this information about everyone in my building
        • If I own any vehicles
        • If so what model, make, and lit. everything about it (purchase date, approx value, when it was last serviced, odometer settings)
        • Which animals I have registered on my name
        • Their name, sex, breed, and age

        Like it’s extensive and there are websites that are built to collate all this information under one roof, then have people pay to access parts of it. You can access this info through official means for free but it won’t be neatly presented in a singular packet. I’ve also left out a lot of stuff, like my company ownership/board member status, if I’ve been politically engaged, etc. The list was getting too long.