Submitted 8 hours ago by herseycokguzelolacak@lemmy.ml to technology@lemmy.world
https://cybernews.com/security/global-data-leak-exposes-billion-records/
The core purpose of KYC - to make it harder to launder money, and for the ultra rich to hide away their ill gotten gains - is not evil, far from it.
The fact the very same people which benefit from a perception that KYC is evil, are the same people making the decisions which directly lead to data breaches, is obviously a complete coincidence!
Bruh, the ultra rich have operated state sanctioned child rape islands for several decades. Do you really think KYC has any impact on their crimes?
If so, I have a bridge you might be interested in acquiring…
those crimes in specific? no.
in how they carried out specific other crimes? yeah, it changed methodology at very least. it sounds like you don’t understand KYC. it was not targeted at sex trafficking.
KYC does nothing against rich people. Panama Papers came out and nothing happened. Law enforcement does not target rich people.
Yep. KYC is to stop the movement of funds that could be used to undermine the system. A.k.a terrorism.
I agree that KYC isn’t inherently evil. But the way its been weaponized is.
For instance in the telecommunications space it make total sense for mitigating spam SMS messages and Robocalls. But the carriers all sell your data for profit. They also don’t protect your data properly and are breached all the time. That’s malicious.
So no, I won’t throw the baby out with the bathwater and agree its an oversimplification to simply call KYC evil. But I also don’t blame people when all they see is abuse and never a good and proper implementation that isn’t exploitative.
There’s also an execution problem.
Truly knowing your customer might produce very different outcomes than the current compliance checkbox approach.
“I know Fred just sold his old car. The idea he suddenly has $12k in cash is not suspicious” or “Jane’s been talking about going to Montreal for momths. We should not block her card when it lights up there.”. That’s real KYC, but it requires human connection and human judgement, which doesn’t scale and doesn’t provide the right paperwork for demonstrating compliance with arbitrary mandates.
There’s also an execution problem.
There absolutely is. Way too many of these fuckers are still breathing.
I think about this kind of simplistically.
Firstly, answer to yourself is it practically possible to store and use vast amounts of data safely, without risk of being compromised?
If you say no, then we shouldn’t be doing this. If you said yes:
Since you think it is practically possible to do safely, the penalty for any company who fails to do this should be instant corporate death. Instant nationalization and liquidation to compensate the victims. People who are found in court to be responsible should face severe consequences. Criminal negligence, multiple counts.
That’s the only way I see to get all of these data hoarding fucks to take it seriously.
/end pipe dream
The EU GDPR doesn’t go nearly far enough.
If I order online, my data only needs to be retained until I get my item. A electronic receipt can be sent via email.
Social networks should have human moderation, and not insist on retaining real-world data about users.
These things could be accomplished through regulation, and if enough countries (or US states) put those regulations in place it will eventually be more cost-effective for companies to implement the changes globally.
Last week, we published our team’s findings about an exposed Elasticsearch cluster that contained over 160 indices and held 8.7 billion primarily Chinese records, ranging from national citizen ID numbers to various business records.
Last December, the team uncovered an unprotected database containing 4.3 billion records, some of which included LinkedIn-derived personal information. The 16TB-strong instance contained emails, photos, employment histories, and other personal data. A single collection alone contained 732 million records, including photographs.
In July, Cybernews covered one of the largest data leaks in history, after researchers discovered several collections of login credentials, containing 16 billion records. The team found 30 exposed datasets, each containing tens of millions to more than 3.5 billion records.
The leaked data included login info for just about every online service, including Apple, Facebook, Google, GitHub, Telegram, and even government platforms.
Damn…
60m records in Germany. That 3/4 of the population. The US has 350m inhabitants. 200m leaked records accounts for more than half!
The Cybernews research team discovered an exposed MongoDB database containing nearly 1 terabyte of personally identifiable information (PII) exposing approximately a billion sensitive records across 26 countries.
Welp. I guess, time to change passwords.
holy shit I used this exact method this week at work to extract a paid-for database for free.
“At this scale, downstream risks include account takeovers, targeted phishing, credit fraud, SIM swaps, and long-tail privacy harms. Industry-wide, the case underlines how third-party identity vendors have become critical infrastructure and can become single points of catastrophic failure,” our team explained."
Wouldn’t Username + Password + SIM = 2FA password reset?
Gotta love how the blog is nothing but “We’re awesome, data leaks cannot happen with our architecture”. Something about advertising too much is making up for lack of actual skill or something
Rewriting history
Sounds more like big corporations are the problem here
Why? Little corporations must comply with KYC law, too. They’re all required to gather personal data. Big or small, the data hoarding is required.
If a small business comply with KYC laws and gets breached, less than 1000 people get impacted. One would have to breach a million different companies to equal the scale of a single mega corporation.
This happens every now and then, new or old data, several accounts, sometimes billions. Far too frequently.
If the GDPR were worth a damn, this leak of over 200M data subjects’ data should be more than enough to completely liquidate this company to pay for damages.
4grams@awful.systems 1 hour ago
And it’s all part of ai training data now too.
I used to wonder when I watched “Star Trek TNG” as a kid, how they could ask for and get such detailed biographical information of a long dead person, enough to recreate that person convincingly, in a holodeck. Well, I guess I have my answer.
I really thought I’d be living in something like the federation one day, instead I’m here boning up on the Ferengi Rules of Acquisition.