The Aadhaar biometric database covering over 99% of the adult population in India has been compromised and its contents are now for sale. Full personal details on around 1 billion adult citizens of India, including several biometrics, are available for $8.
takyon: $8 per individual.
(Score: 2) by Mykl on Tuesday January 09 2018, @10:48PM (4 children)
It's hardly surprising that these leaks continue to happen weekly. All it takes is one or two bad actors in the right position (which is usually not that high up).
It's why I've been avoiding iCloud for my Apple devices - eventually that nut will be cracked and it will be open season on everyone's data. Unfortunately, Apple seems to be trying as hard as possible to push everyone onto it (just discovered after a recent update that I can no longer sync photos from the Photos app to iPhone via iTunes sync).
(Score: 0) by Anonymous Coward on Tuesday January 09 2018, @11:11PM (1 child)
(Score: 2) by Mykl on Tuesday January 09 2018, @11:56PM
Because, while it no longer fits my needs on this particular item, Apple devices fit my needs better than Android on the whole.
Yes, I'm aware of the restrictions I've signed up to. No, I'm not prepared to spend the time and energy rolling my own solution. Any spare time I have goes to other pursuits (the kids, wife, a bit of time for my hobbies).
(Score: 4, Insightful) by pipedwho on Tuesday January 09 2018, @11:57PM
Apple is probably a bad example of this as they (ie. the company and therefore the employees) don't have access to your iCloud data (beyond the usual sign up details, name, credit card, etc). They intentionally use HSMs for all the crypto keys in a way that allows only your devices to decrypt the data which theoretically prevents en masse compromises. Now, of course, if some of the crypto primitives 'fail' (ie. someone discovers an exploitable weakness in AES, ECC, cryptographic modes, or hardware based random number generators), then everyone on iCloud might be in a world of hurt. But if that happens, the hurt is going to go far beyond Apple and problems with exposed iCloud data.
Of course, if someone gets your iCloud password, then you have a problem. But, that is different from the database compromise described in the article where the entire dataset (or large batches of it) are exposed by a single attack.
Large searchable databases full of sensitive and identifiable information are an extremely bad idea for privacy reasons.
(Score: 0) by Anonymous Coward on Wednesday January 10 2018, @06:19AM
You don't have to give Apple your real name or anything. You should know the routine.