consider social security numbers?
What potential is there to provide data on SSNs that have been exposed in a breach? This seems much more borderline dangerous, but curious if you've given any thought and the problems / possibilities you see.
American social security numbers are considered sensitive personally identifiable information and I don’t intend to store them in HIBP.
-
One Sum commented
Though you've closed voting on this in the past, with the recent 2.7 billion release of Social security numbers by the "USDoD" group, that is a truly astounding number that have now become 'less personally identifiable' to those really wishing to find them.
Though I have no wish to scour the deep web or pirate forums to determine if mine was released, I'd like to search for mine and my spouse's using the same format as the HIBP password search.
-
AP commented
What if you didn’t store them in HIBP, but stored hashes instead?
-
emilio commented
If you have not disposed of the breach files, what about a Bloom filter to provide peace of mind (or 99.9% confidence) for existence of matches for [Lastname+LastFourDigits]? Or some k-anonymity variant on hashes thereof.
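
The Bloom filter idea from the comment above, as an added example that is not part of the original thread and not HIBP code. The key normalization, the SHA-256 double hashing and the sample records are assumptions constructed for illustration; the filter is sized for the 99.9% confidence figure, meaning a 0.1% false-positive rate.

```python
import hashlib
import math

def normalize(last_name: str, last_four: str) -> bytes:
    """Canonical key for [Lastname+LastFourDigits]; this exact format is an assumption."""
    if not (len(last_four) == 4 and last_four.isascii() and last_four.isdigit()):
        raise ValueError("last_four must be exactly four digits")
    name = "".join(ch for ch in last_name.upper() if ch.isalpha())
    if not name:
        raise ValueError("last_name contains no letters")
    return f"{name}+{last_four}".encode("utf-8")

class BloomFilter:
    def __init__(self, expected_items: int, fp_rate: float = 0.001):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hash functions.
        self.m = math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, key: bytes):
        # Double hashing: two 64-bit words of one SHA-256 digest yield k bit indexes.
        d = hashlib.sha256(key).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key: bytes) -> None:
        for p in self._positions(key):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, key: bytes) -> bool:
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(key))

def build_demo_filter() -> BloomFilter:
    # Constructed sample records, not real data.
    records = [("Example", "0001"), ("O'Sample", "1234"), ("Placeholder", "9876")]
    bf = BloomFilter(expected_items=1000, fp_rate=0.001)
    for name, last4 in records:
        bf.add(normalize(name, last4))
    return bf

def measured_fp_rate(n: int = 1000, probes: int = 20000) -> float:
    # Fill the filter to its design capacity, then probe with keys never added.
    bf = BloomFilter(n, 0.001)
    for i in range(n):
        bf.add(f"member-{i}".encode())
    hits = sum(f"absent-{i}".encode() in bf for i in range(probes))
    return hits / probes
```

A miss from the filter is definitive, while a hit is wrong about 0.1% of the time at design capacity.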