1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Alteryx Data Leak Exposes Information for 123 Million Households

Discussion in 'Economy' started by Susan Addams, Dec 25, 2017.

  1. Susan Addams

    Susan Addams Unregistered User

    Yep, they did it again. Considering America is ... (guessing) ... 320 million pop? It seems to me that 123 million must include most households considering many are paired up, and minus children (not that they can't have identity theft too).

    https://www.lifelock.com/education/alteryx-data-leak/?cid=em_crm_DB_notification_learn_more_link

    What next? We have all been multiply exposed. The only people left are homeless and dogs and cats.
     
  2. Susan Addams

    Susan Addams Unregistered User

    Considering this and numerous breaches over the last 2-3 years with everybody from Equifax to now Alteryx to major retailers... Just what exactly is our chance that each of our own identities and financial secret data have NOT been breached?

    I hazard a guess that the number is vanishingly small. Probably not zero, and while many homeless have identities and are in the system, they too have been breached, and they form fodder or "tools" useable by hackers for nefarious purposes. Even babies can have their identities breached. Same thing: It's a name and an SSN.

    I propose a new system:

    1.) Let's get rid of MMN as an identifier. The genealogy sites have ruined that. Yeah there are many people with my same name, but is my risk zero? No! My risk is just a bit lower than Amphromogustus Zenowazooiman's risk. He had a mother too! He'd probably be easy to find on a genealogy sites if I hadn't just made up the name. (Allene I'm sorry but your favorite sites are ruining our privacy. I tried to opt out of a few sites and they basically told me to go to hell. Or ignored my request.)

    2.) WITSEC for ordinary people: No not really, but we need to get rid of the NNN-NN-NNNN Social Security numbers. At least the government is finally getting a brain and beginning 2018 Medicare recipients are going to get Medicare cards that don't have their SSN on them. As it is now, add your SSN + usually the letter A and that's your Medicare ID.

    Instead we need a new SSN numbering system, perhaps NNNN-NNNN-NNNN, or any plan that makes the number set vastly larger than the number of valid numbers. Our US population is currently about 333 million. That's 9 digits. That's people who are alive today, not including those born and died under the SS system, but they still have numbers too. How many SSNs have been used? Google says 450 million. The current system has a capacity of less than a bit over 999 million. (In theory, 1,000,000,000 but many are unusable, eg. 999-99-9999, while others have been used as examples. What is the most often used fake SSN? It's 078-05-1120 Let's look at it numerically: almost half of all SSNs are being used or have been used, 450 million out of 999 million more or less. That's a 9 digit system.

    My system has 12 digits, enough to let our grandchildren face the next crisis, or their grandchildren. With 12 digits you'd have 1/2000 less chance of stabbing a real number.

    And finally, you get your SSN assigned and unless you go into WITSEC your number is yours for life. Your MMN is yours for life. SSNs are assigned by blocks, to hospitals' birth wards. You are issued at birth. Knowing your birth date and place there's a good chance you can guess which 4-5 blocks were active at that time. You can attack the last 4 digits with a dictionary of 10,000 numbers (4 digits), and have 4-5 groups to attack. I'll stab at a guess: if somebody knows your date and place of birth they have a possible maybe 50,000 numbers to attack and one of them is likely yours. (We also have to get rid of this block assignment system. We have computers. A birth ward could login to a national system and get a totally random NNNN-NNNN-NNNN SSN.

    Furthermore when somebody finds your NNNN-NNNN-NNNN, the IRS could simply issue another and move your records over.

    We Americans are such suckers to allow our identities to be abused by such a brain dead system. Let's do something about it!
     
  3. Allene

    Allene Registered User

    Suzy, I'm not sure which sites you've visited. If it's sites like Ancestry's public trees, I don't post anything there. Also, a responsible genealogist doesn't post information on living people online. My rule is they should be dead for at least 100 years. In my case, I won't even give close cousins anything more recent than the names of their grandparents, which they already know. Why? Sometimes babies get born too early, and I'm not going to falsify my research just to keep some people happy. That said, I agree with getting rid of MMN as an identifier.

     
    Last edited: Dec 25, 2017
  4. Susan Addams

    Susan Addams Unregistered User

    Allene, you misunderstood me. It is the sites that list my personal info that I was complaining about. I know nothing about any posts you may have made or anything you may have written.

    My complaint is against the sites themselves. I don't want them to show my own MMN. But they do it anyway and there isn't a damned thing I can do about it. Well there is. The government and financial sites should quit using MMN as an identifier. Then I wouldn't mind at all if my own MMN was available to the public. Who knows, a long lost relative might find me. But I'm more worried that an identity thief may use my MMN against me! Maybe some day I'll get interested in your hobby.

    I am dreadfully sorry that I am stomping on your hobby since I know you love the subject and the sites. I just wish they would provide a mechanism for people like me who don't want my MMN to be posted for the general public to OPT OUT.


    And while we are on the subject: those damned DNA kits! You should be able to buy one at any anonymous pharmacy or drug store, with an included serial number and secret identifier. You take your sample and mail it in for analysis. Then to get your results you login to their site and type in the serial number and secret identifier to get your results. They never at any time know your real identity!

    I don't want to have my DNA added to a DNA registry with my real name associated with it. If I could do it anonymously I would have done it years ago. Just think of all the health info I could discover about myself, and it would be interesting to see my ethnic heritage. But I am not willing to give up my anonymity and get added to a national DNA database.
     
  5. Allene

    Allene Registered User

    Suzy, I know you were talking about the sites, that's why I asked you which sites you were talking about. Then I provided information on how I handle the people who go on my tree before I pass any of it on to someone else.

    DNA tests are the best thing that ever happened to serious genealogists, but they are intended to be shared with people who match you, otherwise you are wasting money. Yes, I know you are talking about medical DNA tests, like what 23andMe did before they ran into trouble with the FDA. They had to drop that aspect of their work, but, and I am not sure about this, I think they are now allowed to do the medical stuff again. I'm not interested in that because I have no desire to get a list of diseases that may kill me in the not so distant future. I can't live with stuff like that hanging over my head.

    I have been involved with genetic genealogy DNA testing since 2006. It was a long, slow process at first because it was in its infancy then. I use FTDNA for all my testing. The projects we join have Excel sheets of results that we can look at, but the name that goes with the kit number is the name of our most distant-known ancestor, not our own names. People who match us are shown in our private results, along with email addresses, so we can contact them and compare trees, etc. BUT, everyone can elect to not release information. Fortunately, not a lot of people do that, because it is a waste of money to do it. Genetic genealogy DNA tests need to be shared with matches to get any value out of them.

     
  6. Allene

    Allene Registered User

    I forgot to mention I'm talking about Y-DNA testing above, not autosomnal DNA. We use our real names for the latter, but they don't appear in a project list like Y-DNA does.
     
  7. Susan Addams

    Susan Addams Unregistered User

    We will just have to agree to disagree. I am not particularly interested in my lineage, although it would be interesting to see how my ethnics stack up. I'm more interested in understanding my genome in order to beware my weaknesses and be able to protect myself proactively by taking steps to address any genetic weaknesses.

    I just wish those damned sites would take off my mother's maiden name when I ask them to. I stand to lose huge amounts of money if my identity is stolen or compromised.

    But no. Their cute little family trees are more important to them than my personal identity and financial well being are to me. I'm just sorry. I'll be glad to play family tree games when it doesn't stand the potential to cost me tens or hundreds of thousands of dollars or more in financial loss.

    Please, just take my MMN off the damned genealogy sites. I can't afford the information leak. I have a lot more money than most women my age and I'm not giving it up for a pretty little tree.

    What pisses me off is that they have no way to OPT OUT and when I send requests they just blow me off.
     
  8. Biker

    Biker Administrator Staff Member

    Genealogy sites should be the least of your concerns. The sites you need to worry about are those that slurp up your data from every single source they can get their hands on via public records and then sell that data off to anyone willing to spend the 10 bucks for a full report.
     
  9. Susan Addams

    Susan Addams Unregistered User

    I joined LifeLock some months ago. I'll lawyer up.
     

Share This Page