A single, mysterious server exposed 1.2 billion user records

Originally published at: https://boingboing.net/2019/11/23/nuclear-waste-brokers.html


I assume that when they sell this data, there are individualized canaries hidden inside that can be used to track the buyer in case of breach or misuse, right? …crickets…


Not to completely discount Hanlon’s Razor, but especially considering the high value this “nuclear waste” has to so many people, I’ve marveled at how easy it would be to bury all sorts of willful nefariousness under the pretense of “did I do that? Golly gee, you know I’m just useless with computers.” I wonder if we aren’t a little too quick to accept incompetence as plausible denial for what might be termed data laundering.

Could be that in my day job I’m going to be spending the rest of the year racing to implement CCPA requirements for a company that doesn’t have a strong dependence on customers’ private data (and it still sucks), but it occurs to me this insanely large leak happens just weeks before millions of Americans gain the legal authority to demand extraction and deletion of the PII companies have collected on them. But once that data is in the hands of people who have signed no contract, by accident or by “accident,” the horse is out of the barn. No identifiable entity owns or controls that blob of data, so legally there’s nobody to send requests to.


Here’s a radical idea, everyone stop using the internet, social media, and all the other electronic bullshit, and let’s see what happens…

No, that doesn’t apply to me though…


So selling data on 1.5 billion people is a normal thing now.


Arms dealers say approximately the same thing.


Don’t know about you but I’m using the internet right now.


The internet is coming from inside the house!


Just got my HaveIBeenPwned alert…

And, shit like this will continue until those that suffer ID theft etc… resulting from misuse/unethical collection of their data sue a-holes like this back into the stone age.

The argument could be “well this is all public data that anyone could collect, so we don’t have any liability because it was all public info anyway.” My counter argument: Yeah, but you facilitated whatever crime resulted because you actively collected, then sold said collected package.

That’s actually the real point of any sale of consequence: pass liability and responsibility down the pyramid.


“Buck passing” should be an Olympic event.

It’s the new-and-improved normal.
