The Dark Web has my SS number, dammit

GAH. Got notice my Social Security number’s shown up on the dark web, along with name, address (old and current) and telephone number (old, new, and what the hell?).

Already have my credit on lockdown with all three reporting agencies, have for years, as well as a credit alert set up with one of my credit card accounts. Spent the last several hours going through all my online financial accounts to check for anything hinky (nothing) and change all my passwords.

So far, so good. The alert discovery is dated yesterday. Hopefully I’ll be okay, but what a disturbing pain in the ass.

And now I have to go update the password on my Kindle Paperwhite and Kindle Fires.

You aren’t alone. I got a similar notice from ATT. This article says that this data breach affected 70 million people.

I just keep monitoring my credit score, and watching my bank accounts. Nothing yet, and, quite frankly, I’m not terribly worried.

Yeh, I’m trying to stay calm (after my initial freakout), since it seems as if there’s no real defense against info theft, no matter how careful you are, so all you can do is set up whatever defenses you can, stay alert, and hope for the best while staying on guard for the worst.

ETA: Thanks for the article link. It makes me feel a good deal better. This part is rather depressing but not really surprising:

Jay Jacobs, an analyst who worked on Verizon’s data breach reporting, told NPR in 2015 he believed 60% to 80% of Social Security numbers had already been compromised by hacks – and that was before the 2017 Equifax breach affecting 148 million people.

Same here. Equifax sent me the warning and no suggestions to get it removed.

My State offers a Arkansas Identity Theft Passport.

It’s challenging to get. Need a police report and documentation that a Bank Account was fraudulently created in your name. Has to be a Brick and Mortar bank. Not paypal, cashapp chime etc. I was victimized in early June and am applying.

Looks like a drivers license. You can submit it with Equifax disputes and to get financial accounts closed.

It can help avoid an arrest.

Anyone that is using your name and commits crimes. The cops may show up at your door. Show them this new ID and explain the Identity theft.

Substantially everyone has had all their information stolen at least once. Fretting about yours being special is IMO silly.

Relax. It’ll all be fine until the Russian government turns off everyone’s credit overnight.

Oh, now I feel ever so much better!

I have a list that contains the Social Security numbers of every American.

The information (SS numbers, addresses, email etc…) of every single person in the USA was breached a few months ago. I’m surprised it took this long to show up here on the dope.

Freeze your credit, change your passwords, and check your reports regularly. Not much else you can do. The people who let this out (some fly by night background check outfit in Florida) almost certainly won’t see any consequences.

Such is the world we live in.

I got a message from a card company that they’ll keep a lookout for it. What a hot mess. It’s such a headache for anyone affected. I’m hoping I don’t get any notices, like everyone else, I’ve got enough right now.

This isn’t quite accurate - the NPD breach included the SS numbers of quite a lot of dead people, inflating the total numbers. I checked for mine and apparently it was not compromised in that particular breach.

But I’m sure sooner or later it will be if it hasn’t already.

Yep.

I read the title and my Pee Brain thought, “Well, that’s what you get for being a Nazi!”

And then I did the math…

Pretty much. This latest breech was just … meh … from me. My info was in that breech. My info has been out there for at least a couple decades. I don’t really worry about it. I have my credit frozen and sleep soundly. If something happens, it can be sorted.

Fully agree with both comments (well, not sure about the Russian government thing! :laughing:)

I was going to say that I wasn’t aware of any of my info having been stolen in a data breach, but I just remembered that I got a notice from some large institution recently about a huge data breach and offering free credit monitoring, which I never bothered following up on. So breaches of this kind are indeed common, but t’s just not a huge deal to me. Out of curiosity I did request a full Equifax credit report recently and there was nothing suspicious on it.

I actually received three notifications about this breach from the three different services that monitor such things for me. On the one hand, boo hiss that it happened on the other hand, hey these monitoring services really work.

//i\\

How did you find out about this?

Absent any alerts from CC companies or banks, how can I safely search for evidence of a leak of my info?

I also have three services - one through work, one through a credit card, and one through a previous breach. Only one of them has notified me so far. That’s a bit disappointing.

Got a credit monitoring notice this morning that an id/password pair had been found on something called “United States Email Providers Combo List 4M”. It’s a combo I use for a couple of non-sensitive sites, so I won’t lose any sleep over it (but I’ll probably change it anyway).

Like several posters above, I assume that everything significant about me is out there on the web (white, dark or grey). Aside from freezing my credit, not much to be done that wouldn’t resemble a Whack-a-Mole game.

(Side note: I really wish companies would use something other than an email as an identifier, since that has become something akin to an SSN [in the US] as a universal ID. While I’m at it, I may as well wish for a pony [and world peace].)

I’ve been notified several times that my stuff had been breached. I’ve frozen my credit. I monitor it through Credit Karma. I use a password generator that produces awesome passwords. I use an app that provides two factor authentication. More than that I cannot do so I let it go. I’m not going to spend my days worrying that some little dweeb is selling my stuff to buy another perk for his Mom & Dad’s basement or the Chinese and Russians want to do something nefarious with my info. It’s futile activity.

Well, this is not the case for me anyway. If you own a domain name, pretty much all registration services allow you to create email aliases, so you can have something like ottodafe_sdmb point to your primary email address. If that particular email alias gets compromised, you can set it to go nowhere and create another alias. I do this for just about everything I subscribe to so that closing an account with that service means I don’t get any more spam emails from them begging me to come back.

//i\\

Got an email notice to go to my credit card account and look at the alert from Creditwise.