6 comments

[ 3.0 ms ] story [ 298 ms ] thread
If there was an open database of password breaches it would be easier for people to do research in if a leak was new or just a password taken from a previous leak. Of course you can get closer to the actual number by filtering out duplicates, but you can't figure out what's new if you can't know what's old.
In other words, 2.7B -> 109M is a 96% reduction from headline to people. Could we apply the same maths to the 16B headline?

I mean there’s not 16B people in the world, so a row per person can be ruled out pretty easily

I always find it funny how the media characterizes a data breach in terms of number of records stolen, or, even worse, its size on disk.

There are ~335 million Americans. Assume for simplicity that each of them owns one phone, and hence one SIM card. Generously assume that each SIM card has 1kb of authentication material. A data breach of all US consumer SIM keys would hence be ~335 million records and ~335 gb.

Such a breach would be far, far more catastrophic than anything we have ever seen (and probably anything we will ever see) in computer security, despite being half the size of this one, and containing less than 10% as many records.

I'm glad someone actually looked at the data and made a real news story about this.
I am very confused.

> Everything (and I mean it) from that news report went through yours truly.

> Bob is a quality researcher

> The headlines implying this was a massive breach are misleading

But the headlines implying it are literally in the cybernews article, which is the source of it all? Why does the article talks about "the mass media" throughout the length of it, if it's the original source that was misleading?