top | item 17868715

(no title)

LarryL | 7 years ago

Ignoring the moral/ethics concerns, how would a potential buyer know that the data is legit (if it even exists at all?).

Give me a couple of days and I'll create a fake -but real looking- set of records with millions of false customers (it would be made real enough by using public information)...

If you tell me that they'll provide an extract as "proof", I'll answer: it's easy to cook-up a realistic small sample, just using and remixing former leaks/hacks for instance...

In summary: the money aspect makes the data MUCH more suspicious than a "bragging/4tehLULz" hack.

discuss

swarnie_|7 years ago

Reputation and repeat business. You might get away with selling fake information once, i highly doubt you would get away with it twice.

I imagine its a similar scenario to how other dodgy markets work such as drugs or cryptolocker decryption keys, reputation and customer service mean a lot.

21|7 years ago

For hackers good opsec would require them to use a new persona for each separate hack. Compartimentalization. Linking separate hacks together is a really bad idea.

ALittleLight|7 years ago

Perhaps if you are a buyer of this data you have similar, if smaller, databases. You could then say, here's ten thousand hashed credit card numbers from my collection. Give me the full data for ~1,000 of them. If their data lines up with yours that's a good sign.

This wouldn't be a perfect method, but if the seller could do it then it would increase my confidence a lot.

yangzx|7 years ago

For this particular example, the buyer can simply look himself up in the dataset. LOL. This dataset is the database of the largest hotel brand of China.

I am pretty sure there are entries about me in the database (I am Chinese). It's damn embarrassing, people know me can know who I slept with if he pay 8 bitcoin now. Now I hope the price of bitcoins goes up.

NedIsakoff|7 years ago

mapping of 居民身份证 to real names..