
#IdentityTheft


#Trump on Friday commuted the sentence & probation of #CarlosWatson, a co-founder of the now-defunct #digital #media company Ozy Media, on the day he was set to surrender to prison.

Watson was sentenced in Dec to almost 10yrs in #prison for #fraud, #IdentityTheft, #SecuritiesFraud, & #WireFraud.

Watson & Ozy were also ordered to pay $96M in restitution & forfeiture. As part of Trump’s commutation, they will no longer have to pay.

#law #felon47 #CFPB #SEC #corruption
cnbc.com/2025/03/28/trump-comm

CNBC: Trump commutes sentence of Ozy Media founder Carlos Watson just before prison surrender. Ozy had falsely claimed to have deals with Google and Oprah Winfrey before the company and CEO Watson were criminally charged.

Casino Data Jackpot – For Hackers: Merkur’s API Disaster

A couple of days ago, I saw a Mastodon post from Lilith Wittmann in my timeline. She linked to an article on her Medium page detailing a catastrophic security failure at Merkur AG. You can find the original Mastodon post here.

The casino company Merkur AG and its service providers have made almost all the data available in their casino systems publicly accessible. This includes payment data, gaming sessions, and copies of the ID cards of over one million players.

Lilith Wittmann’s Medium Post (German)

Oh wow. Losing data of a million customers is bad enough. To make things worse, they also integrated third-party services like Sumsub for Know Your Customer (KYC) checks. So, the leak also includes over 70,000 ID photos, selfies and proof of address from the KYC process.

A perfect setup for identity theft. What a mess!

All this was possible due to an unprotected GraphQL API endpoint.

Let’s learn from this!

For Merkur, this is massive damage. For us, it is a lesson we can learn from: This breach is a good example of why securing APIs should be a top priority. Some simple steps that could have prevented this:

  • Never expose internal APIs to the public internet unless absolutely necessary. If an API must be public, it should have strict access controls, rate limits and maybe even IP-restrictions.
  • Put sensitive systems in a private subnet. Even if an API is misconfigured, at least it won’t be wide open to the world.
  • Use proper authentication, authorization, and role-based access control. A single user or role should never have unrestricted access to all sensitive data. Access should be limited to only the necessary fields for a given role.
  • Regular security audits. If you’re handling sensitive data, you better have security experts regularly pentesting your systems.

Obviously, a lot went wrong here. Let’s try to do better and avoid this kind of disaster in our own projects.

locked.de/casino-data-jackpot-
#hacking #IdentityTheft #Merkur #MerkurBreach #Privacy
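
The third step in the list above (per-role, per-field access) can be sketched as a deny-by-default check that runs before a GraphQL-style request touches any data. This is an added example, not code from the linked post or from Merkur's systems; the schema, role names, `PLAYER` record and the already-parsed selection-set format are all hypothetical.

```python
class Forbidden(Exception):
    """Raised when a request asks for anything the caller's role may not read."""

# Hypothetical schema: field -> type it returns (None for scalars).
SCHEMA = {
    "Player": {"id": None, "nickname": None, "balance": None,
               "payments": "Payment", "kycDocuments": "KycDocument"},
    "Payment": {"id": None, "amount": None},
    "KycDocument": {"id": None, "kind": None, "imageUrl": None},
}
# Hypothetical policy: role -> type -> readable fields. Unlisted means denied,
# and no role can read every sensitive field.
POLICY = {
    "support": {"Player": {"id", "nickname"}},
    "payments": {"Player": {"id", "payments"}, "Payment": {"id", "amount"}},
    "kyc_reviewer": {"Player": {"id", "kycDocuments"},
                     "KycDocument": {"id", "kind", "imageUrl"}},
}
# Constructed sample record.
PLAYER = {"id": "p-1", "nickname": "demo", "balance": 120,
          "payments": [{"id": "t-1", "amount": 50}],
          "kycDocuments": [{"id": "d-1", "kind": "id_card",
                            "imageUrl": "https://example.invalid/d-1"}]}

def authorize(role, type_name, selection):
    """Check a parsed selection set ({scalar: None, object: {...}}) against POLICY."""
    if role not in POLICY:  # unauthenticated or unknown role
        raise Forbidden("authentication required")
    allowed = POLICY[role].get(type_name, set())
    for field, sub in selection.items():
        if field not in SCHEMA[type_name] or field not in allowed:
            raise Forbidden(f"{role} may not read {type_name}.{field}")
        child_type = SCHEMA[type_name][field]
        if (child_type is None) != (sub is None):
            raise Forbidden(f"malformed selection for {type_name}.{field}")
        if child_type is not None:
            authorize(role, child_type, sub)

def resolve(record, selection):
    """Copy out only the selected fields; never return the raw record."""
    out = {}
    for field, sub in selection.items():
        value = record[field]
        out[field] = value if sub is None else [resolve(v, sub) for v in value]
    return out

def execute(role, record, selection):
    authorize(role, "Player", selection)  # whole request is checked before any data is read
    return resolve(record, selection)
```

A request is rejected as a whole if any one field is outside the caller's role, so a support query cannot be padded with `kycDocuments` and still return the permitted part.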


This is the first I’ve heard of a “#BrushingScam,” where scammers “brush up” the reviews and trustworthiness of their online storefronts by using your personal data to order and review something on your behalf. They even send you the thing in hopes of #phishing more to commit #IdentityTheft.

proton.me/blog/brushing-scam

So now you have to treat the receipt of unordered merchandise the same as any other unsolicited commercial communication: a data #breach signal.

Proton · Received an unexplained package? It could be a brushing scam | Proton. A brushing scam means your personal data has leaked online. Learn how to protect yourself with hide-my-email aliases and dark web monitoring.

With #musk having access to all kinds of data now it seems like a lot of folks are recommending putting a freeze on your #credit to help avoid #IdentityTheft. I went through that today and while it was pretty painless creating an account with Equifax and Experian, Transunion really buries and hides the info as it seems like they would really like you to sign up and pay them a monthly fee. You don't have to by the way, they are required to do this for free. Anyway, for folks looking to do this themselves, I thought I'd type up the links and the various contact information:

TransUnion: service.transunion.com/dss/ord

Experian: experian.com/help/login.html

Equifax: my.equifax.com/consumer-regist

Having the online accounts is a double-edged sword in that someone could technically gain access to that and request your credit be unfrozen. You can still freeze your credit if you do not wish to create accounts with the three agencies. This can be done either by mail or by phone. By mail you need to provide your full name, social security number, address history for the past two years, date of birth, a copy of a utility bill or bank statement from the last 60 days, and a copy of a government issued identification card with your address on it (note that passports generally do not contain that so you'll want to use a driver's license or state-issued ID). Again here's the info you need:

TransUnion:
1-800-916-8800
TransUnion Credit Freeze
P.O. Box 160
Woodlyn, PA 19094

Experian:
1-888-397-3742
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013

Equifax:
1-888-298-0045
Fill out the form here: assets.equifax.com/assets/pers and then mail to:
Equifax Information Services LLC
P.O. Box 105788
Atlanta, GA 30348-5788

If you have online accounts or you call, they are required by law to freeze your credit within 1 business day of you requesting it and unfreeze it within 1 hour. By mail it needs to be frozen within 3 business days of receipt of your mailing and unfrozen likewise within 3 business days of receiving your mailing.

Please note, you'll need to unfreeze your credit when applying for a loan, mortgage, etc.

I suspect the links and the required information change with time so the above links may not work if you're finding this information and it's a long time past February 2025. So if it is, just confirm the above is still correct before going through the process.

The #USTreasury data has been compromised (if not, it's pretty damn close) so here's a #PSA:

FREEZE YOUR #CREDIT REPORTS.

NOW.

The #Treasury data is either going to be sold to thieves or used to f people over because that's what Those People do.

Lock your credit down before you get calls from collection agencies wondering why you haven't made any payments on [something] you didn't know you bought. If your credit can't be freely checked, they can't open new lines of credit to buy swastikas on Etsy or whatever the f they buy.

bricksandclicks.marketing/secu

Bricks & Clicks Marketing: How to freeze your credit reports. Learn how to freeze your credit reports on all three credit reporting agencies: Equifax, Experian, & Transunion. Links, phone numbers, & tips provided.
#US #USpol #Fraud

“Nothing short of an administrative coup” — @theatlantic.com



“Elon Musk is not the president, but it does appear that he—a foreign-born, unelected billionaire who was not confirmed by Congress—is exercising profound influence over the federal government of the United States, seizing control of information, payments systems, and personnel management. It is nothing short of an administrative coup.”

theatlantic.com/technology/arc #musk #coup #IdentityTheft

The Atlantic · Elon Musk’s Bureaucratic Coup, by Charlie Warzel

Today is also a remembrance day of how #StateSponsoredMalware from #GammaGroup is used for a #masssurveillance #GreyMarketCALEA #DigitalSlaverySystem but also is being watched by other #StateSponsoredMalware that competes with #FinFisher #FinSpy #Finsky whose 100's of MILLIONS of installs of its clients in #AMER is used for #cryptowallettheft, #identitytheft, #propaganda & #GangStalking purposes by #OfficerProxys', luckily, #InternalAffairs can review who accessed what, when & where, for public reviews 🔍🧐.

Every Day is #infosec
👀
🔬
☣️📲☣️
👨‍⚖️ #CALEA #TCPDUMP #watchDay 👩‍⚖️

Make it a priority to #freeze your #credit...
...unless you don't mind #identitytheft & look forward to spending a year with lawyers repairing the damage criminals did in your name like opening financial accounts, buying cars & establishing leases.
✅ usa.gov/credit-freeze

www.usa.gov: How to place or lift a security freeze on your credit report | USAGov. Learn how to place a credit freeze. This prevents any new credit accounts from being created in your name and helps prevent identity theft.

Massive Data Breach at Wolf Haldenstein Exposes 3.5 Million Individuals: A Wake-Up Call for Cybersecurity

In a shocking revelation, Wolf Haldenstein law firm has disclosed a significant data breach affecting approximately 3.5 million individuals. This incident highlights critical vulnerabilities in data p...

news.lavx.hu/article/massive-d

Almost every person in the US has had their information stolen from a corporation that forces people to share that information. I'm sick of paying for the corporation's carelessness and criminality.

Each time a person's identity is stolen and used by malicious characters, each corporation that allowed the harmed individual's information to be stolen should have to pay back the harmed individual, plus damages and interest.

#Capitalism
#corpocracy
#IdentityTheft

Here's today's example of how all the #identityProtection companies are incompetent.
This is a screenshot from the enrollment process at #identityDefense.com.
Notice that the first field is asking me for a date but not telling me what date I'm supposed to enter.
I'm guessing they're asking for my birth-date, but I shouldn't have to guess.
Did anybody test this before they released it, and if so, are the testers so incompetent that they failed to flag this issue?
#infosec #privacy #identityTheft

Public Warning.

If you EVER, and I do mean EVER see a QR code for anything... not just some things, ANYTHING.

Treat it as a scam, do not scan it, they can easily be covered up with malicious redirects to fake sites to steal your financial details. Direct you to malware sites to try and infect your device.

Treat them all the same... as toxic, potentially harmful to your identity and security.

Never trust them... EVER!!!

If you 100% must use one, do what you should be doing at any (ATM) cash machine, check for devices that have been installed by crooks. See if you can peel the code off, not just at the area around the code, but the whole sign... look for anything unusual and if you have any doubts... even if it's 1% doubt... DON'T USE IT

This isn't scaremongering, scammers and thieves are out there every day, placing fake QR codes on signs all over the place. Nowhere is safe from them. The way to win is not to play. Don't buy into the enshittification of everything, don't be told that you can ONLY do it one specific way (legally they have to offer more than one way to pay for a service).

Please boost and spread the word.

#QRCodes
#ScamQRCodes
#Scammers
#Thieves
#IdentityTheft