from Hacker News

Stripe Atlas Vendor Leaked SSNs

by sunils34 on 1/4/20, 4:03 AM with 60 comments

  • by mjevans on 1/4/20, 6:03 AM

    I agree with https://twitter.com/constmontague/status/1213309357204688899

    "... we need a new personal identifier, SSNs are all stolen at this point"

    Though identity and authentication should be different things, as an identifier the only real problem with SSNs is that we should be using UUIDs instead.

    The hard part is authentication, which should have a far more secure process than merely knowing 9 digits everyone (re)uses.

  • by nedwin on 1/4/20, 5:48 AM

    Why are they notifying folks via mail instead of good old-fashioned email?

    Haven't got a letter yet but would be super easy for me to check my inbox...

  • by numchk on 1/4/20, 3:57 PM

    As more Social Security Numbers are leaked from security breaches like Equifax et al., I have done a deep dive into all things publicly known about SSNs and published the results on a hobby site (with limited ad revenue to cover the server cost) to educate myself on the historic data contained in a Social Security number, how its usage has changed throughout the years (enumeration at birth in the '80s, for example), and how the state and date information was finally removed around 2009 so that numbers are now randomly assigned. For those born before 2010, there is real information encoded in (or deducible from) your number beyond what most are aware of. If you are curious what types of information a hacker could deduce, or additional ways your SSN could be misused if disclosed (or guessed), take a gander at

    https://numchk.com/

  • by etaioinshrdlu on 1/4/20, 6:26 AM

    Is this relevant to LLC formation only or also C corps?

  • by throwGuardian on 1/4/20, 8:02 PM

    Why was Stripe sharing something as critical as [SSN+Name] with a third party? If Atlas is simply a white-labeled service of another service, then I hope it was prominent in Stripe's communication with customers/potential customers. I say this because the market has many competitive offerings in the space, and among the primary reasons to pick Stripe is the assumption of better security, given its multi-billion-dollar venture funding and valuation.

  • by zelly on 1/4/20, 7:50 PM

    The problem with SSNs is how short they are. 9 digits.

    Even if you hash them, it's not that hard to make a 10^10 - 1 rainbow table.

    It's the same problem with IPs (v4). You simply cannot store them at all if you care about your customers' privacy.
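
Added example, not part of the comment above or of the original thread: it shows why hashing a 9-digit identifier (at most 10^9 values) does not hide it, why a per-record salt stored beside the hash does not change that, and how a keyed HMAC differs. The function names, the constructed sample value and the small search window are assumptions chosen so the demo runs in under a second; the key is assumed to live outside the database (for example in a KMS or HSM).

```python
import hashlib
import hmac
import secrets

KEYSPACE = 10**9  # every possible 9-digit string


def plain_hash(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def salted_hash(value: str, salt: bytes) -> str:
    # The salt is stored next to the hash, so whoever holds the record holds the salt.
    return hashlib.sha256(salt + value.encode()).hexdigest()


def keyed_token(value: str, key: bytes) -> str:
    # HMAC under a secret key that is NOT stored with the data (assumption).
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def enumerate_preimage(target, digest_fn, start=0, stop=KEYSPACE):
    """Return the 9-digit string in [start, stop) whose digest equals target."""
    for n in range(start, stop):
        candidate = f"{n:09d}"
        if hmac.compare_digest(digest_fn(candidate), target):
            return candidate
    return None


def demo(window=50_000):
    sample = "000012345"  # constructed value; area number 000 is never issued
    salt = secrets.token_bytes(16)
    key = secrets.token_bytes(32)        # held by the service only
    wrong_key = secrets.token_bytes(32)  # stands in for "key unknown"
    return {
        "plain": enumerate_preimage(plain_hash(sample), plain_hash, 0, window),
        "salted": enumerate_preimage(
            salted_hash(sample, salt), lambda v: salted_hash(v, salt), 0, window),
        "keyed": enumerate_preimage(
            keyed_token(sample, key), lambda v: keyed_token(v, wrong_key), 0, window),
    }


if __name__ == "__main__":
    print(demo())
```

The keyed token is only as private as its key: if the key leaks with the data, the same enumeration applies.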

  • by mobileexpert on 1/4/20, 1:10 PM

    Strange to not see an official statement and post-mortem from Stripe mentioned anywhere. Can someone who got a letter post a (redacted as necessary) scan of it?

  • by miki123211 on 1/4/20, 1:48 PM

    How could Stripe Atlas even require SSNs? Wasn't the whole point of that service giving access to the U.S. market for people from other countries?

  • by reviel on 1/5/20, 6:01 AM

    If anyone needs a Stripe Atlas alternative that doesn't require an SSN and is also less expensive ($350 vs Stripe's $500 + $400/yr), check out https://www.blook.io/stripe-atlas-alternative

  • by ryanlol on 1/4/20, 7:15 AM

    Odds are that all these SSNs had been leaked from a bunch of other sources anyways. Why the "fuuuuuuuck"? This doesn't seem like a big deal at all.

  • by duxup on 1/4/20, 6:03 AM

    Is there any verification / info other than a tweet?

  • by rolltiide on 1/4/20, 6:13 AM

    getting your identity stolen in any way that'll affect you is all random

    they’re all leaked now and people borrow them for things that would never show up on your credit report

    hope you don’t get framed! Good luck