Slashdot Mirror

← Back to Stories (view on slashdot.org)

40 Million Identities Up For Sale On the Web

Posted by kdawson on from the big-fat-target dept.

An anonymous reader writes "Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers, and even PINs are available to the highest bidder. The information being traded on the Web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of 40 million people worldwide, mostly Americans; four million are Britons. Security experts described the database as the largest of its kind in the world. The database is in the hands of Colin Holder, a retired senior Metropolitan police officer who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners, and members of the public. Mr. Holder said he has invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

9 of 245 comments (clear)

  1. splitting hairs by tverbeek · · Score: 5, Interesting

    "He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

    How, exactly, does this differ from extortion?

    --
    http://alternatives.rzero.com/
    1. Re:splitting hairs by Civil_Disobedient · · Score: 3, Interesting

      a world in which it was a crime simply to possess certain information would be very scary

      Uh, you do realize you already live in that world, right? Right?

  2. So let me get this straight... by FSWKU · · Score: 5, Interesting

    He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.

    So in order to find out if your personal information has been breached, you have to disclose said information AND pay a fee. Seems a little fishy to me. Isn't that how a lot of identity-theft scams operate in the first place? "Hey, your identity is at risk. Send us money and details and we'll check to see if you're a victim or not.........and.....YES...you are now a victim! Thank you for using Thieves-R-Us!"

    --
    "So after all this, you make my case for me. To end this stalemate, you must die..."
    1. Re:So let me get this straight... by mcrbids · · Score: 3, Interesting

      It took me about 10 minutes to create this simple web-page would could conceivably be used to steal identifying information. It would take a few hours to add stuff like the ability to run credit cards, and simulate a faux "Your identity was not found".

      This website was easy to make using a free template found online. With the exception of the target page for all the links, it would easily pass the "sniff test" for many people. It looks friendly! It's got a kid and a butterfly on it! The news stories are current! (copy/paste from google news for "Identity Theft") Feel free to check it out. Total time spent was about 10-15 minutes. (I purposefully put in a few spelling/grammar mistakes, just to exaggerate my point)

      So I hack up a spam engine, log in via some open wifi hotspot, and I have a business overnight? ID theft is much, much easier than we all think. And we want to believe that this guy isn't also doing it?

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  3. The answer is always "yes." by zippthorne · · Score: 3, Interesting

    It's far more brilliant.

    You must give him some information about yourself to determine if you're in the database, non? Information that includes your credit card numbers, perhaps. Where do you think that data goes, I wonder.

    --
    Can you be Even More Awesome?!
  4. If he really wanted to do the right thing... by 3seas · · Score: 4, Interesting

    ... he'd notify the relative banks and get them to issue new cards to the card holders and then cancel the old account numbers.

    Or isn't that something a police officer would not do?

    Aren't the police supposed to help protect the public?

  5. Re:Where does a cop get £160,000? by Anonymous Coward · · Score: 5, Interesting

    Actually, under the Data Protection Act he isn't allowed to hold that database at all. This will end very badly for him.

  6. Re:Ridiculous by sbeckstead · · Score: 3, Interesting

    I got mine stolen by using my teller card in a machine in Orange County California. I've never actually had it stolen on line. Always by physical means.

    --
    Why bother
  7. Re:Where does a cop get £160,000? by Derosian · · Score: 4, Interesting

    Actually in the US using police or federal services for personal use as an officer is a felony, thus if this guy was an American police officer he would be arrested and all his information would be confiscated as evidence for his trial.