Personal Security After Data Breaches

Security researcher Brian Krebs (KrebsOnSecurity[.]com) has been writing a series of articles on data brokers and data deletion services, and the sometimes suspicious entities behind them.

For instance, the personal data deletion service OneRep[.]com is headquartered in Belarus and Cyprus, not in the state of Virginia, U.S.A., and its founder also launched multiple people-search companies himself.

This article exposes the PRC company ( Shenzhen Duiyun Technology Co.) behind several U.S.-focused people-search sites, apparently created for affiliate revenue purposes, as they redirect to other major, “legitimate” search sites such as Spokeo.

Krebs’ report on Radaris reveals apparent links to:

…multiple Russian-language dating services and affiliate programs. It also appears many of their businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.

That’s wild

Response to Krebs’ report, from OneRep, plus Mozilla drops OneRep integration into Firefox: Mozilla Drops Onerep After CEO Admits to Running People-Search Networks – Krebs on Security

7 posts were split to a new topic: Firefox search by default

You’ve set a different search engine… Right?

A glimmer of hope: Oracle is shutting down its once-$2B advertising business • The Register

“Everyone on Wall Street should take notice that companies who comply with data privacy laws while trying to operate data vacuums and data marketplaces, are bound to lose money,” said Edwards.

Anyone for an anchor pool on data marketplace stock bubble? I bet the data vacuum sucks.

I just got notified that my personal information has appeared on the Dark Web, including name, 4 different (very old) former addresses, social security number, one old phone number, and several phone numbers that were not even mine, from a different U.S. state.

Fortunately, I have a freeze in place on my credit file at the major credit reporting agencies, and at bureaus that screen bank account and insurance applicants, although that’s still no guarantee of safety.

I’m glad I “parked” the old phone numbers with my VOIP provider after I changed to a new number. Maybe that will mitigate the risk somewhat, along with the other measures I’ve implemented.

Maybe that’s why I get the random incoming call on my L5? (Not necessarily you, some other guy’s data breach.)

Could be. You could check your number on the Have I Been Pwned website to see if it has appeared in any breaches. Otherwise, maybe your number is just published somewhere online, or appears in databroker records (or other public records).

I’ll also get a security PIN from the IRS, to hopefully prevent any fraudulent tax returns in my name.

That doesn’t necessarily have to arise from a data breach. It can just be robodiallers working their way through numbers in sequence.

Thank you for the meme.

For California residents, the DELETE Act is now in effect. Deletion requests can be submitted online now; the single request applies to 500 data brokers, although they don’t have to comply until August 2026.

Unfortunately, to formulate a request, you have to submit to 3rd party identity verification, and provide a certain amount of personal information to enable the brokers to find your data.

Wonder if that means submitting more digital copies of identity documents, some of which will then inevitably be stolen and leaked online.

Seems the word is getting out: The nation’s strictest privacy law just took effect, to data brokers’ chagrin - Ars Technica

Hopefully there will be a chain reaction to other states eventually.

… and other countries.