From PC Mag:
In a disturbing find, a cybersecurity vendor discovered an exposed online database that may have been storing as many as 1 billion Social Security numbers (SSNs).
A database indexed using Elasticsearch was left open on the internet, according to security provider UpGuard. The stockpile contained 3 billion records, including email addresses and passwords, along with another dataset of 2.7 billion records, including SSNs.
Specifically, the SSNs consisted of two datasets spanning 353.3GB and 76.7GB, for a total of 430GB, UpGuard told PCMag. The company suspects a hacker or “amateurish threat intelligence vendor” is behind the database. …
17 comments:
Given the 9-digit nature of the SSN, one billion is the theoretical limit of unique numbers from 001-01-0001 to 999-99-9999. And there are ranges of numbers that are excluded from assignment.
"As of early August 2025, 548.3 million different number [sic] had been issued."
https://www.ssa.gov/history/hfaq.html
DOGE?
The company suspects a hacker or “amateurish threat intelligence vendor” is behind the database.
No surprise when SSA staff are using AI chatbots and entering private information into them. Don’t believe this is happening? Check out the reply here by a judge who uses it to rewrite disability decisions they think poorly written: https://aljdiscussion.proboards.com/thread/5805/using-ai-work
Those decisions are FULL of sensitive information about you, and you can rest assured that judge is far from the only one doing this.
Perhaps it was the idiot DOGE kid the creepy idiot president and his creepy idiot friend Elon saw fit to install at SSA for several weeks despite a well publicized history of mishandling of private information at his former employer?
@ 6:59. Presumably the AI tool referred to In the post is the officially sanctioned SSA tool, which is behind firewalls and has security features. Has nothing to do with leaking SSNs, nor is it more of a security threat than all the other stuff that SSA employees do with PPI in various SSA tools. Obviously if somebody is stupid enough to input PPI In their own private ChatGPT account that's a blatant violation.
There are less than 900 million possible SSNs. Several hundred million have not yet been assigned. So no, there’s no database with a billion SSNs.
And Leland, who admittedly and intentionally violated SSA policy and invited the DOGE fox into the SSA henhouse.
Leaders of the Social Security Administration had just opened an investigation into a career employee [Leland Dudek] they believed was improperly sharing information with Elon Musk’s cost-cutting team when President Donald Trump elevated the employee this week to acting commissioner. https://www.washingtonpost.com/politics/2025/02/22/social-security-trump-doge-musk/
The count of 3 billion records is consistent with a breach of National Public Data, a private data broker, in 2024. The breached data was subsequently made public and could very well have been indexed on a cloud database. No relation to SSA or DOGE if so.
AI tools don’t work like that. Storing away and re-accessing vast amounts of data, including any and all user inputs, are what enables them to function and “learn.” That’s precisely why guidance was clumsily issues stating in no uncertain terms that private information should NEVER be input into the chatbot. Obviously that guidance has been ignored.
One possible explanation for the apparent overstatement of numbers of SSNs is that "may have been storing as many as 1 billion Social Security numbers (SSNs)" implies a listing of every potential SSN from 000-00-0001 through 999-99-9999 in a table or spreadsheet with additional information aligned with each potential SSN.
You’ll have to be more specific. Are you referring to the openly racist idiot who was rehired by Musk and Vance via a fake online poll? Or are you referring to the nepo baby idiot who called himself “Big Balls?” Or maybe it was the other idiot who posted an online resume with “ur mom” as the only skill listed.
Only the best and brightest for this administration…
548.3 million is the total SS numbers issued since inception, and more than a billion is mathematically impossible to exist with 9 digits. So obviously same numbers are being counted more once. Thus, doesn't really tell us the magnitude ( i.e. Was it every number in existence released multiple times? Was it one number released 3 billion times?)
On average, it take the IRS twenty one months to complete an identity theft case.
No, it’s that the sentence states there are over 2.7 billion records, SOME of which are SSNs. Y’all just can’t read.
Why are we talking about Leland? What is Frank's involvement?
Didnt have those high reading comp scores did ya
Post a Comment