• Lemongrab@lemmy.one
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Not just financial, but your physical address (unless you are using a po box, which can still be correlated to you), ip, approx location, local devices, phone unique identifier, browsing habits. I am not going to try and name all the kinds of data collectable, but it is trivial to use data related to your device to hack it.

    For your question, most likely if you are not a person of interest then attacks wont be specific to you but against a group. So for the hacker, attacking a wildly popular app to extract the info already available is bettee than individually cracking whatever algorithm was used to hash specific data (unless they already have a piece of it).

    An example: A hacker tricks an employee into getting username and password (realistically trivial). They spread their influence till they reach an individual with system privelege. They use the private keys they obtain to decrypt financial and account data. The company doesnt even know they are compromised (often takes them months). Now they have two oppertunities. They can sell the cards in bulk on the black market and sell/use all the data harvested by this invassive app. People make mistakes and with a list of emails they can phish the shit out of everyone using the official corp. templates.

    Your data isnt just at risk to the first party who collected it, but also 3rd parties who obtain it, legit or otherwise.

    • MrMamiya@feddit.de
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Interesting. Did you know you can find my address by looking up property records? It’s free, anyone can do it. You can see how much my house cost, how much taxes I pay, etc.

      Did you know you could look up Name, Phone Number, Address, Criminal History, Convictions, and Court Cases involving the individual searched using a license plate number?

      I really do appreciate the explanation. I really don’t feel scared. For what it’s worth I used hide my email and a vpn. I guess if I am ever important I will have to consider more. As it stands, everyone already knows what I’m up to, I use google services.

      Equifax. I know you know what I’m talking about. Why should I give a shit if I’m gonna be exposed by the stewards supposedly safeguarding my most sensitive info anyway?