Print the page
Increase font size

Was Your SSN Hacked? (Probably.)

Chris Campbell

Posted August 19, 2024

Chris Campbell

A massive data breach has left basically EVERYBODY vulnerable.

If it wasn’t already…

Chances are, your social security number is now sitting on the Dark Web.

It’s pretty urgent, so let’s cut to the chase.

We’re going to go through the BEST way to deal with this situation - from snout to tail.

First, we’re not sure why this isn’t bigger news.

Here’s what happened:

A hacking group called "US DOD" managed to break into the systems of a company called National Public Data.

These types of hacks happen all the time, but this one’s especially concerning.

National Public Data is who handles background checks - you know, the kind of checks that require all your sensitive information.

So we're not just talking about names and email addresses here. This breach exposed Social Security numbers, previous addresses, and even those security questions banks ask you when you forget your password.

You know, the ones like "What was the name of your first pet?" Yeah, those.

Bad news, because now hackers can link your SSN with your old addresses. Often, this is how identity is authenticated.

The scale of this breach is mind-boggling.

We're talking about the personal records of nearly 3 billion people potentially exposed. Yes, you read that right - billion with a 'B'.

This digital heist reportedly went down in April, and now there's even a class action lawsuit filed in a Florida federal court.

Nothing is Safe

Now, you might be wondering, "How do I know if I'm one of the unlucky 3 billion?"

Some people will wait for confirmation.

Don’t.

Assume the worst and take action.

So what can we do? The usual steps - credit monitoring, freezing your credit, and keeping a watchful eye on your accounts.

Tutorial: How to place or lift a security freeze on your credit report

That’s the first step.

Also, there’s this: Create an official Social Security account (before a hacker beats you to it).

Here’s the official link:

https://www.ssa.gov/personal-record/update-contact-information

On that link, you’ll be prompted to create an account with Login.gov.

There’s a specific way to set it up so you KNOW it’s secure.

Read This First

If you want the highest possible level of security, consider this:

During the account creation process, you'll be prompted to set up authentication methods.

These methods will determine who is able to access your account.

The page will look like this:

pub

Some of these methods are FAR better than others.

  1. Security key (High)
  2. Government employee ID (Meh)
  3. Authentication app (Medium-High)
  4. Text or voice message (Low)
  5. Backup codes (High, depending)

 The bolded are the ones I personally would choose.

Here’s why:

The top choice is using a hardware security key like a Yubikey. It's practically unbeatable when it comes to protecting against phishing and account takeovers. Plus, you don't have to worry about SIM swapping attacks.

If you have a security key on hand, then definitely go with this option. (It’s worth getting security keys. Only get them from Yubikey’s official website: Yubico.com

I’ve written a separate Yubikey tutorial here with everything you need to know.

Backup codes are the fallback option. Just make sure you store them somewhere safe offline. Best practice is to write them down and keep them somewhere safe - ideally more than one place.

Authentication apps like Google Authenticator are pretty good too. They're more secure than text messages and aren't vulnerable to popular phone hijacking methods like “SIM swapping”. (More on that in one second.)

Just remember to keep your phone locked down with a strong passcode. (Also, back up your authenticator codes in case you lose your phone.)

Tutorial: How to Back Up Your Authenticator 2FA Codes

Why Avoid Text (If You Can)

Text or voice messages? For most people, they're the LEAST secure option.

Only use them if you absolutely have to. They're vulnerable to SIM swapping, which can be a real headache.

Sim swapping is when a scammer convinces your mobile carrier to transfer your phone number to a new phone they control.

It's a sneaky and dangerous form of identity theft that can have serious consequences, especially when it comes to account security.

Since most people use text verification for their accounts, it can be highly lucrative.

Hackers are getting VERY savvy with this method. If you become a target, chances are they’ll find a way to take over your phone.

In fact…

Hackers have been known to have connections within mobile companies who authorize Sim Swaps for them.

It sucks that mobile carriers don’t have a better system for this. Maybe that will change with this breach.

But it has happened in the past - and will probably keep happening.

The key takeaway here is to use the strongest methods available to you.

Combine a hardware key with backup codes for the best security. If that's not possible, go for an authentication app. Whatever you do, steer clear of text messages if you can.

AI and the New World Order (The Final Piece)

Posted December 19, 2024

By Chris Campbell

The most exciting, terrifying, and ambitious thing happening on Earth right now.

America Needs AI Agents (Part Two)

Posted December 18, 2024

By Chris Campbell

It’s cute when it’s a chatbot talking to a college kid. It’s not so cute in a nuclear plant.

Warning – Don’t Sell Without Reading This

Posted December 18, 2024

By Davis Wilson

This Experiment Could Make (Or Lose) You A Lot of Money

Make AI Agents Work For You (Part One)

Posted December 17, 2024

By Chris Campbell

The future is already here – AI agents will distribute it.

“Quantum-Proof” Your Bitcoin

Posted December 16, 2024

By Chris Campbell

If you hold Bitcoin, or if you even care about the digital world we live in, this is something you want to understand.

MicroStrategy - The Next “Inclusion Effect” Victim

Posted December 16, 2024

By Davis Wilson

December 23rd could be the top