Hacker News new | past | comments | ask | show | jobs | submit login

> Someone created a magnet link yesterday

Are you against simply sharing the infohash here? I'd like to download the leak to see what information it has on myself and my family, but I don't really relish the idea of signing up for a breachforums account and sifting though its posts if I can avoid it.




Here is a strongly encrypted base64 version to keep hackers out:

bWFnbmV0Oj94dD11cm46YnRpaDozY2FhNzFmM2VjOGNiY2NjNmZjYTRmZWI3MTg1ZGEyYmFiMTQ5YmE3JmRuPU5QRCZ0cj11ZHA6Ly90cmFja2VyLm9wZW5iaXR0b3JyZW50LmNvbTo4MCZ0cj11ZHA6Ly90cmFja2VyLm9wZW50cmFja3Iub3JnOjEzMzcvYW5ub3VuY2U=

Allegedly, the password (also base64 encrypted) is:

aHR0cHM6Ly91c2RvZC5pby8=


Has anyone been able to reverse this base64 encryption? Whatever am I going to do with this?


It can't be reversed, unfortunately. base64 has been peer proven as mathematically unhackable.


Username checks out.


Same for base16. That's why those pesky hash digests always use it.


rot13 is way faster though.


do you still hang out with CrashOverRide?


Only in phonebooths during slow-motion, rotating hack montages.


https://www.base64decode.org/

I hope this helps you


It was a joke, but thank you. The internet needs more helpful people.


Wasn't it a joke?


I just knew someone was going to take it seriously xD


[flagged]


I'm not sure. There are 64 bases. Probably quantum proof.


[flagged]


[flagged]


Sincerely I hope you don’t try reading Jonathan Swift - you may start trying to eat children.


Yeah ok I was stupid


Dude it's just a joke


Yeah I'm dumb and was having a bad day


Happens to the best of us. Life is a dance not a maze.


I dug into this a little and one of the files is 164GB. How do you even work with these files? That is, how would I search for my SSN on my windows box?


That's not even that big? `cat big_file | grep -v my_term` would go line-by-line and show any lines matching your query. If you're doing a lot of queries, you'd probably want to index it, so you throw it into a sqlite database with the usual SQL utils.

Edit: I missed you said Windows. Probably Powershell have similar utilities, so you can do `ReadFileLineByLine \r \d big_file | ReturnHitBySearchTerm \v \t \s my_term` or something similar.


>ReadFileLineByLine \r \d ssn.txt | ReturnHitBySearchTerm \v \t \s trampas ReadFileLineByLine : The term 'ReadFileLineByLine' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + ReadFileLineByLine \r \d ssn.txt | ReturnHitBySearchTerm \v \t \s tra ... + ~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (ReadFileLineByLine:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException

:(

All I know about powershell I just learned by accident: ls works


You absolutely do not want to use "-v" with that grep.

Nor do you want to use cat (UUoCA) but that's very much a minor point in comparison.


UUoCA: https://porkmail.org/era/unix/award

I hadn't heard of it before.


Using sift on a 100GB txt file still takes multiple minutes. I haven't tried ag, but grep is supposedly slower.


If the desire is just to grep for your name, email address, whatever, and then throw the rest of the data away, I don't think waiting multiple minutes is a big deal.


I can't believe HN mods think it's ok to leave this comment up. I don't know of a way to report it myself unfortunately.


Excuse me, why is linking to something bad? Especially when it contains your own data?


https://en.wikipedia.org/wiki/Doxing?lang=en


Doxxing involves targeting an individual, as mentioned in the first line of that wiki page.

I'm not publishing or leaking any data either. I'm linking to something that was already made public which contains my own data.


Linking to personal information may be considered publishing in some areas.

Also it's just a really crappy thing to do IMO.


I get it now, but I have so much imposter syndrome that I wasn't sure if this was ACTUALLY something I needed to figure out -__-


Anyone know the size after the 50GB file is un7zipped?

EDIT: answer: 2 files, 176GB and 120GB, total is 298GB.


Entire family is in the list, with every address they've lived at in the last 40 years.

Freeze your credit reports, folks.


Elsewhere in this thread I posted a detailed commentary on what the torrent contains.


FYI: This is only the two social security files, not the whole breach.


BitTorrent uses something called a "distributed hash table", for which there exist services to search it (btdig, etc). You can use one of those alongside the torrent name (NPD) to find it.

I haven't downloaded it, but my understanding is that the data comes compressed and with a (weak) password.


You can check to see if you were in the breach here:

https://npd.pentester.com/search

This will save you the effort of a 30min search per `grep` on the original breached files.


fyi that is likely to be a crime, at the very least has been cases of websites being punished for linking to illegally distributed IP (even if not hosting it).


I'd be worried about legal repercussions if we were talking about the latest Disney movie, but this is merely the private information of a billion people. Never seen IP law give much of a crap about that before.


Private information on people is Equifax's IP.


A collection of facts is not and can not be copyrightable, especially when it was mechanically derived/collected (no human creativity). So, no, it is absolutely not "Equifax's IP".


Only in the US. In the EU and other jurisdictions is does have protection [1].

[1] https://en.wikipedia.org/wiki/Copyright_law_of_the_European_...


So I could copyright my SSN in the EU and sue Equifax et al.?


Not on an individual basis. If you collected a large number of them and someone copied them from you, then you could have a database right claim, which is sort of similar to copyright, but much less powerful. https://en.wikipedia.org/wiki/Database_right


Yeah, in the EU it does have Palantir's protection. /s


which has yet to leak. as far as we know, the equifax data never became public.


1 pirated Disney movie is a tragedy.

3,000,000,000 leaked Social Security Numbers is a statistic.

-Joseph "Social Credit" Stalin

...Is it obvious I, as an American who can confirm my SSN (and whatever else) was leaked by this, sincerely couldn't care less because this is leak incident number 897165176548795647564576415671?

That $10 UberEats gift card from CrowdStrike would be more valuable than another batch of Free Credit Monitoring(tm).


UberEats gift cards are the ultimate passive aggressive “fuck you”. To use them, you need to spend at least another 10 to actually get something


Is this NPD's "IP" though? Is my personal information that company scraped, now that company's intellectual property?


Where's the IP?

It's like phone books--a collection of data, no creative content.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: