Anonymous hackers are planning to post my information on the web. What should I do to avoid getting my identity messed up?
December 26, 2011 12:21 PM Subscribe
My information got hacked by Anonymous. They got an expired debit card number, my name, address, and password, and are about to publish the whole mess on the internet. What should I do?
I used to subscribe to this website called Stratfor. They bill themselves as an "independent intelligence" company, but I'd call them a fabulous geopolitical magazine -- think The Economist on steroids.
On Christmas eve, a faction of Anonymous hacked Stratfor's databases and harvested information on Stratfor's users. Many Stratfor subscribers work for corporations or the government, and they've been using those folks' credit cards to send money to charity.
They're also in the process of publishing everyone's information on the net.
So, my question: The debit card I had with Stratfor is out of date, but my other information is current. I have:
* changed sensitive passwords and
* signed up for my bank's identity protection service.
However, my bank's id protection service company seems super sketchy, and I have the nagging feeling I should be doing more. Do you know of a better ID protection company? And do you know what else I can/should be doing? Any help is much appreciated.
I used to subscribe to this website called Stratfor. They bill themselves as an "independent intelligence" company, but I'd call them a fabulous geopolitical magazine -- think The Economist on steroids.
On Christmas eve, a faction of Anonymous hacked Stratfor's databases and harvested information on Stratfor's users. Many Stratfor subscribers work for corporations or the government, and they've been using those folks' credit cards to send money to charity.
They're also in the process of publishing everyone's information on the net.
So, my question: The debit card I had with Stratfor is out of date, but my other information is current. I have:
* changed sensitive passwords and
* signed up for my bank's identity protection service.
However, my bank's id protection service company seems super sketchy, and I have the nagging feeling I should be doing more. Do you know of a better ID protection company? And do you know what else I can/should be doing? Any help is much appreciated.
Is your debit card number still the same as before? If just the expiration date changed, that may not do you much good - many companies ignore expiration dates to make recurring subscriptions easier to handle & the new date may be easy enough to guess anyway.
Always use a different random password on each site you visit. XKCD explains why succinctly.
Your name & address are publicly available via numerous other services so I wouldn't worry too much about that, especially if you freeze your credit report as mentioned above.
posted by MesoFilter at 12:50 PM on December 26, 2011
Always use a different random password on each site you visit. XKCD explains why succinctly.
Your name & address are publicly available via numerous other services so I wouldn't worry too much about that, especially if you freeze your credit report as mentioned above.
posted by MesoFilter at 12:50 PM on December 26, 2011
they've been using those folks' credit cards to send money to charity.
At least one recipient has been tweeting for them to please stop as they're being charged (the nonprofit) $35 for each fraudulent transaction. This may stop sooner than expected as it backfires.
posted by infini at 12:56 PM on December 26, 2011
At least one recipient has been tweeting for them to please stop as they're being charged (the nonprofit) $35 for each fraudulent transaction. This may stop sooner than expected as it backfires.
posted by infini at 12:56 PM on December 26, 2011
Is there any way to check on my info besides downloading the whole archive?
posted by wenestvedt at 1:21 PM on December 26, 2011
posted by wenestvedt at 1:21 PM on December 26, 2011
Contact the FBI and Austin police, as they are likely lead agencies on the investigation. They have had succeses against Anon of late.
posted by Ironmouth at 1:32 PM on December 26, 2011
posted by Ironmouth at 1:32 PM on December 26, 2011
Also, regarding having a different password for every website, I get the reasoning, but how do people remember all those damn passwords ???
posted by feets at 2:07 PM on December 26, 2011
posted by feets at 2:07 PM on December 26, 2011
"Also, regarding having a different password for every website, I get the reasoning, but how do people remember all those damn passwords ???"
Write them in a wee book, kept in desk drawer.
posted by BostonTerrier at 2:20 PM on December 26, 2011 [1 favorite]
Write them in a wee book, kept in desk drawer.
posted by BostonTerrier at 2:20 PM on December 26, 2011 [1 favorite]
Fwiw, the consumer problems with Triligent mostly have to do with its advertising and marketing, not its actual identity protection service. However, I think you are facing an Id theft roblem of a different degree altogether, so you will want to take additional steps beyond passive monitoring.
posted by yarly at 2:34 PM on December 26, 2011
posted by yarly at 2:34 PM on December 26, 2011
but how do people remember all those damn passwords
Lastpass, Keypass, etc.
Is there any way to check on my info besides downloading the whole archive?
Not that I could find at this time. An alleged single column of the database, the associated company name, is here.
posted by dhartung at 3:01 PM on December 26, 2011
Lastpass, Keypass, etc.
Is there any way to check on my info besides downloading the whole archive?
Not that I could find at this time. An alleged single column of the database, the associated company name, is here.
posted by dhartung at 3:01 PM on December 26, 2011
Regarding remembering numerous discrete passwords: might I suggest 'hashapass'?
posted by scolbath at 3:04 PM on December 26, 2011
posted by scolbath at 3:04 PM on December 26, 2011
Re the keeping track of multiple passwords: I keep them written on a post-it note stuck inside the holder of my ID card/keycard --- I wear that sucker around my neck, which keeps it out of other folks' hands nicely.
posted by easily confused at 3:16 PM on December 26, 2011
posted by easily confused at 3:16 PM on December 26, 2011
Ironmouth, the FBI and Austin police might be able to prosecute Anonymous but they're not gonna be able to un-expose my personal information -- are they?
Think of it this way--an ISP is gonna take their own sweet time if you ask them to delete it. They will make it top priority if the FBI asks.
Also, I'm sorry to say this--I'd anonomize this post too. Don't take any chances.
posted by Ironmouth at 3:22 PM on December 26, 2011
Think of it this way--an ISP is gonna take their own sweet time if you ask them to delete it. They will make it top priority if the FBI asks.
Also, I'm sorry to say this--I'd anonomize this post too. Don't take any chances.
posted by Ironmouth at 3:22 PM on December 26, 2011
If the card's dead and the password is no longer in use, I think you don't need to make any specific response to all this. Everyone should have their credit report frozen at all times anyway. Yeah, the bank's credit monitoring service sounds worse than the disease.
Sorry to be pedantic, but as a merchant you can't just "ignore the expiration date" - you have to know it and use it to charge a card, every time. It's true there's a way to run recurring transactions (dues, subscriptions, etc.) but if you let the card expire in the database, you'll have to enter a new one when that transaction next runs.
And yeah, these hackers are fucking over their "beneficiaries." Assuming a chargeback happens, they don't keep the money and they pay a fee for the chargeback. Idiots.
posted by randomkeystrike at 3:25 PM on December 26, 2011
Sorry to be pedantic, but as a merchant you can't just "ignore the expiration date" - you have to know it and use it to charge a card, every time. It's true there's a way to run recurring transactions (dues, subscriptions, etc.) but if you let the card expire in the database, you'll have to enter a new one when that transaction next runs.
And yeah, these hackers are fucking over their "beneficiaries." Assuming a chargeback happens, they don't keep the money and they pay a fee for the chargeback. Idiots.
posted by randomkeystrike at 3:25 PM on December 26, 2011
Remembering many passwords: have a root, say 433tz&T03z. Something you can remember that is complex but makes sense to you. Then, for each site, append a suffix to it using a simple rule, e.g.
for gmail, your password is GM433tz&T03z
for metafilter, your password is MF433tz&T03z
for united airlines your password is UA433tz&T03z
and so on.
posted by prefpara at 3:53 PM on December 26, 2011 [3 favorites]
for gmail, your password is GM433tz&T03z
for metafilter, your password is MF433tz&T03z
for united airlines your password is UA433tz&T03z
and so on.
posted by prefpara at 3:53 PM on December 26, 2011 [3 favorites]
*Using the word suffix correctly not mandatory.
posted by prefpara at 3:54 PM on December 26, 2011 [2 favorites]
posted by prefpara at 3:54 PM on December 26, 2011 [2 favorites]
Constructing unique, difficult to hack passwords is not that hard. Use a system like this:
s0m3s4uff +second, fourth, and fifth characters in website's main url name+m0r3s4uff+last two letters in website's main url name+
Or something like that.
posted by driley at 4:01 PM on December 26, 2011
s0m3s4uff +second, fourth, and fifth characters in website's main url name+m0r3s4uff+last two letters in website's main url name+
Or something like that.
posted by driley at 4:01 PM on December 26, 2011
xkcd has a different approach to passwords, based on information theory, but many sites might prevent you from using it.
posted by dhartung at 5:21 PM on December 26, 2011
posted by dhartung at 5:21 PM on December 26, 2011
Are you sure they are publishing everyone's information? I, too, used to subscribe and I am not on the list. It seems like just institutions are on it.
posted by mlis at 5:58 PM on December 26, 2011
posted by mlis at 5:58 PM on December 26, 2011
you need to report it to the police and to the credit bureau (Experian, Equifax...).
posted by bossanova at 3:28 AM on December 27, 2011
posted by bossanova at 3:28 AM on December 27, 2011
Also, regarding having a different password for every website, I get the reasoning, but how do people remember all those damn passwords ???
Man is the tool user.
posted by flabdablet at 3:40 AM on December 27, 2011
Man is the tool user.
posted by flabdablet at 3:40 AM on December 27, 2011
I know I'm more "out there" than most, but I'm confused as to why this is a scary thing.
You mentioned four things: expired debit card number, my name, address, and password.
The credit card number is expired, it's of no use to anybody. You've already mentioned that you'll be changing your password(s), so better late than never. So we're left with your name and address, which, if I really cared to look, is probably already on a number of publicly accessible websites (i.e. gov't and/or phone book type things).
Or is it that the scary part is being associated with the other people on the list?
Again, outside of the password thing (which is something we should all be doing) I'm not seeing why this is a big deal.
posted by Blue_Villain at 5:28 AM on December 27, 2011
You mentioned four things: expired debit card number, my name, address, and password.
The credit card number is expired, it's of no use to anybody. You've already mentioned that you'll be changing your password(s), so better late than never. So we're left with your name and address, which, if I really cared to look, is probably already on a number of publicly accessible websites (i.e. gov't and/or phone book type things).
Or is it that the scary part is being associated with the other people on the list?
Again, outside of the password thing (which is something we should all be doing) I'm not seeing why this is a big deal.
posted by Blue_Villain at 5:28 AM on December 27, 2011
Because Anon is exposing the information of librarians, grad students, policy nerds, military geeks and others who are not part of some high net-worth cabal. They could not hack Jane's is my guess.
posted by mlis at 6:25 AM on December 27, 2011 [1 favorite]
posted by mlis at 6:25 AM on December 27, 2011 [1 favorite]
« Older seeds in my toilet brush holder | Chemistry lab safety: Is the teacher at fault or... Newer »
This thread is closed to new comments.
posted by Susurration at 12:37 PM on December 26, 2011 [3 favorites]