this post was submitted on 16 Feb 2026
825 points (98.4% liked)

Technology

81451 readers
4413 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
825
All U.S. Social Security numbers may need to be changed following a massive breach that is already being investigated as a national threat (www.ecoticias.com)
submitted 2 days ago by Cnote5@lemmy.world to c/technology@lemmy.world
159 comments fedilink hide all child comments
 

According to a protected disclosure filed with the Office of Special Counsel, Borges told the Government Accountability Project that DOGE officials working at Social Security created a “live copy” of the country’s Social Security records in a separate cloud environment that sidestepped usual security checks.

The group says those lapses put the Social Security information of more than 300 million Americans at risk.

you are viewing a single comment's thread
view the rest of the comments
[–] Archer@lemmy.world 113 points 2 days ago (2 children)

They actually need to publicly release everyone’s SSNs so that they can’t be used for authentication anymore, which they never should have been

[–] mic_check_one_two@lemmy.dbzer0.com 31 points 2 days ago (2 children)

I’ve been saying this for literal years now. They should release a publicly searchable database of every single SSN, name, and DOB. Force organizations to stop using those as a form of ID, because they’re not secure and never have been.

Give it like a year of lead time. Like announce “March 1 2027, we’ll post the database” and then that gives institutions a full year to figure something new out.

[–] Void@feddit.nu 1 points 22 hours ago* (last edited 22 hours ago)

This is the reality in some other countries. In Sweden, our "SSN" is our date of birth followed by four numbers that have different meanings depending on when you were born. During the period I was born it was an area code, and a binary of male/female and a control number. This has changed over time to not be exactly the same for newer generations. All of this information is available publicly to search for through our version of the IRS that then trickles out to various private companies that just publish it out right.

I personally have a dislike for this system, as I am a major privacy enjoyer. But people can't really do anything with the information if they had it. If someone looks up my name and SSN, they have it, but can't bring me harm.

[–] technocrit@lemmy.dbzer0.com 2 points 1 day ago (2 children)

Why not photos too? jfc.

[–] ExLisper@lemmy.curiana.net 1 points 21 hours ago

All this data and more is publicly available in many countries.

[–] psoul@lemmy.world 2 points 1 day ago

And your mother’s maiden name

[–] remotelove@lemmy.ca 15 points 2 days ago (1 children)

SSNs are generally considered public information but how the SSN is linked to other information is usually the more difficult bit to find and it's generally pay-walled. (Any jackass with a business license and a credit card can usually buy background check information for 'hiring'.)

But no, it shouldn't be solely used for authentication. That is just dumb. However, it can be used as part of a larger verification and validation scheme while building authentication/authorization profiles. In most systems that I have seen that use full or partial SSNs, it is always linked to several other identifiers that need to match.

[–] Archer@lemmy.world 19 points 2 days ago (1 children)

They are definitely not. People consider it increased risk for identity theft if they hear their SSN was stolen and you just cited how people are still using them in part for authentication. They need to be completely useless for authentication

[–] remotelove@lemmy.ca 7 points 2 days ago* (last edited 2 days ago) (1 children)

I am making a slightly different point and have a bias to this perspective: https://www.legis.iowa.gov/docs/publications/SD/19230.pdf

I am saying that an SSN can be part of a larger validation scheme, not the only key to the castle. Specifically for government sites, SSNs can be linked to IRS data to verify places of last residence. A person generally needs to verify multiple items that are referenced by the SSN before basic authentication can be established and set by the user. (This is part of the full Authentication, Authorization and Access Control triad.)

An SSN is just a broad level identifier. If you look at many laws around the release of SSNs, the redaction is usually in place to prevent the linking of different documents and other data points.

If I released my SSN in this chat, I could be fully doxxed in a matter of seconds. It's mainly because there are many legal systems in place that use an SSN as a primary key, of sorts. (It's a bit more than that, as SSNs can be duplicated in some circumstances.)

So to say, at a high level, an SSN is considered private is absolutely correct. However, it's so easily referenced and obtainable it really isn't fully private either.

If I was to generate a full list of every possible SSN in the US (which I have done, multiple times), that list is effectively useless to anyone who obtains a copy of it. So, by itself, an SSN is effectively public.

[–] UltraGiGaGigantic@lemmy.ml 1 points 1 day ago (1 children)

If I released my SSN in this chat, I could be fully doxxed in a matter of seconds.

000-00-0002

[–] remotelove@lemmy.ca 2 points 1 day ago (1 children)

000, 666 and 900-999 are invalid area numbers and any digit group of all zeros is also invalid. Thanks for playing!