It’s all over the news, I’d just like to comment on it.
Apparently a group of researchers at Carnegie Mellon have figured out a way to guess the first 5 digits of anyone’s social security number who was born after 1988 just by knowing your birth date and location, and a full 9 digit number of anyone’s within just 1,000 guesses (a true random 9 digits would take almost a billion guesses).
Basically this doesn’t just instantly give the bad guys anyones number, but it makes it easy enough to guess that any “customer service” jerkoff representative at a place like Comcast can probably deduce the first 5 digits of your SSN and get you to give them the rest since they use the last four digits as your PIN number.
I’d assume most employees at most telephone and cable companies, hell, the utilities too could probably just do this:
1. Jot down the customer’s name and address and last 4 SSN digits as they take their normal flow of daily customer support calls.
2. Match the customer’s info to public information databases to find out where and when the customer was born.
At this point they’ll guess once or twice and have the customer’s full SSN number.
At this point, they rent a cheap apartment out in the slums somewhere under a false name, where the slumlord accepts cash payments, sign up for credit cards and such using the fake address, and before the police are onto them, they just stop paying the rent on that apartment, take the money they cheated the victim out of, and leave.
Identity theft is getting to be more and more of a problem, and there is no real defense against it.
Even despite all the expensive “credit monitoring services” like Lifelock (whose CEO had his identity stolen with the thief using the SSN number the guy blasted all over the TV commercials to prove how safe his company keeps your data), there just is no way to secure your identity because SSNs were never meant to be used for identification. Early Social Security cards even had “Not for Identification” stamped clearly on them.
Identity thieves used to just pay companies under the table to “lose a laptop” every once in a while that just so happened to have data from thousands of customers on it, but now it doesn’t even take that much effort.
Thank your politicians for not outlawing the use of an SSN for identification purposes!
