Catching up with my online reading a bit tonight, I found a link to a site which will check if your social security number is in their database of known stolen SSNs. I’ll not link to the site directly, because I want to save any of the less intelligent web users who accidentally find me site from doing something not-very-bright (I know both the regular readers of my site are so astonishingly above average intellect that not only would they not fall for this, they can actually read the mind of criminals attempting to steal their SSNs). All you have to do to see if you are in this stolen SSN database is enter your SSN into the handy-dandy search field. This news is a couple of days old already from the DownloadSquad folks, and thankfully there are a number of commenters there who have already pointed out the problem with this service.
So where did they get their data from? Well from the FAQ on their site, here is their response. “The information that powers StolenID Search is found online, by looking in places where fraudsters typically trade or store this kind of information. All information behind StolenID search is publicly available, but not in places where search engines such as Yahoo and Google would look. TrustedID abides by all state and federal laws in the collection and provision of this compromised information. The information behind StolenID Search comes from collection efforts led by TrustedID directly and also from other reputable companies that assist us in finding this information on our behalf. One of those companies is Cyvellience.”
Note that I am not saying StolenID Search is a web site operated by evil ub3r hackers. I am not saying you can’t trust the folks holding this information to protect the information you enter or the information they already have. I’m not even saying you will be exposed to any actual risk of identity theft if you use the site. I’m pointing this site out and warning against using it because giving out this information online just isn’t something you should ever do when you can avoid it. If you ever see something like this, please think carefully about what risk you are taking sending this information to people unknown. The site seems to have the recommendation of some seemingly trustworthy security and privacy resources. The site may be run by the most trustworthy people in the universe, and a chorus of angels may accompany everyone associated with the site to protect them from ever suffering ill. That still doesn’t make me feel I should send them my SSN.
[tags]Brilliant way to steal identities online, How to dupe trusting people[/tags]