this post was submitted on 21 Feb 2026
183 points (96.9% liked)

Technology

81612 readers
4112 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
183
If you had any doubts that Know-Your-Customer laws were evil, here is one very good reason: personal data of 1 BILLION people just leaked. (cybernews.com)
submitted 6 hours ago by herseycokguzelolacak@lemmy.ml to c/technology@lemmy.world
20 comments fedilink hide all child comments
top 20 comments
sorted by: hot top controversial new old
[–] SacralPlexus@lemmy.world 2 points 1 hour ago (1 children)

I think about this kind of simplistically.

Firstly, answer to yourself is it practically possible to store and use vast amounts of data safely, without risk of being compromised?

If you say no, then we shouldn’t be doing this. If you said yes:

Since you think it is practically possible to do safely, the penalty for any company who fails to do this should be instant corporate death. Instant nationalization and liquidation to compensate the victims. People who are found in court to be responsible should face severe consequences. Criminal negligence, multiple counts.

That’s the only way I see to get all of these data hoarding fucks to take it seriously.

/end pipe dream

[–] dylanmorgan@slrpnk.net 1 points 41 minutes ago

The EU GDPR doesn’t go nearly far enough.

If I order online, my data only needs to be retained until I get my item. A electronic receipt can be sent via email.

Social networks should have human moderation, and not insist on retaining real-world data about users.

These things could be accomplished through regulation, and if enough countries (or US states) put those regulations in place it will eventually be more cost-effective for companies to implement the changes globally.

[–] yardratianSoma@lemmy.ca 4 points 1 hour ago

The Cybernews research team discovered an exposed MongoDB database containing nearly 1 terabyte of personally identifiable information (PII) exposing approximately a billion sensitive records across 26 countries.

Welp. I guess, time to change passwords.

[–] chasteinsect@programming.dev 15 points 4 hours ago

Last week, we published our team's findings about an exposed Elasticsearch cluster that contained over 160 indices and held 8.7 billion primarily Chinese records, ranging from national citizen ID numbers to various business records.

Last December, the team uncovered an unprotected database containing 4.3 billion records, some of which included LinkedIn-derived personal information. The 16TB-strong instance contained emails, photos, employment histories, and other personal data. A single collection alone contained 732 million records, including photographs.

In July, Cybernews covered one of the largest data leaks in history, after researchers discovered several collections of login credentials, containing 16 billion records. The team found 30 exposed datasets, each containing tens of millions to more than 3.5 billion records.

The leaked data included login info for just about every online service, including Apple, Facebook, Google, GitHub, Telegram, and even government platforms.

Damn....

[–] hellothere@sh.itjust.works 39 points 5 hours ago* (last edited 5 hours ago) (4 children)

The core purpose of KYC - to make it harder to launder money, and for the ultra rich to hide away their ill gotten gains - is not evil, far from it.

The fact the very same people which benefit from a perception that KYC is evil and/or ineffective, are the same people making the decisions to penny pinch on security which directly lead to data breaches, is obviously a complete coincidence!

[–] herseycokguzelolacak@lemmy.ml 17 points 4 hours ago

KYC does nothing against rich people. Panama Papers came out and nothing happened. Law enforcement does not target rich people.

[–] WhatAmLemmy@lemmy.world 21 points 4 hours ago (1 children)

Bruh, the ultra rich have operated state sanctioned child rape islands for several decades. Do you really think KYC has any impact on their crimes?

If so, I have a bridge you might be interested in acquiring...

[–] HeyThisIsntTheYMCA@lemmy.world 3 points 2 hours ago* (last edited 2 hours ago)

those crimes in specific? no.

in how they carried out specific other crimes? yeah, it changed methodology at very least. it sounds like you don't understand KYC. it was not targeted at sex trafficking. it's aimed at financial crimes.

[–] Broken@lemmy.ml 2 points 3 hours ago

I agree that KYC isn't inherently evil. But the way its been weaponized is.

For instance in the telecommunications space it make total sense for mitigating spam SMS messages and Robocalls. But the carriers all sell your data for profit. They also don't protect your data properly and are breached all the time. That's malicious.

So no, I won't throw the baby out with the bathwater and agree its an oversimplification to simply call KYC evil. But I also don't blame people when all they see is abuse and never a good and proper implementation that isn't exploitative.

[–] HakFoo@lemmy.sdf.org 3 points 4 hours ago (1 children)

There's also an execution problem.

Truly knowing your customer might produce very different outcomes than the current compliance checkbox approach.

"I know Fred just sold his old car. The idea he suddenly has $12k in cash is not suspicious" or "Jane's been talking about going to Montreal for momths. We should not block her card when it lights up there.". That's real KYC, but it requires human connection and human judgement, which doesn't scale and doesn't provide the right paperwork for demonstrating compliance with arbitrary mandates.

[–] ClownStatue@piefed.social 4 points 4 hours ago

There’s also an execution problem.

There absolutely is. Way too many of these fuckers are still breathing.

[–] theparadox@lemmy.world 12 points 4 hours ago (2 children)

Fucking LOL. https://www.idmerit.com/blog/idmerits-data-breach-fail-safe-architecture-game-changer/

[–] ICastFist@programming.dev 1 points 27 minutes ago

Gotta love how the blog is nothing but "We're awesome, data leaks cannot happen with our architecture". Something about advertising too much is making up for lack of actual skill or something

[–] kambusha@sh.itjust.works 1 points 2 hours ago

Rewriting history

[–] bleistift2@sopuli.xyz 21 points 5 hours ago

60m records in Germany. That 3/4 of the population. The US has 350m inhabitants. 200m leaked records accounts for more than half!

[–] bacon_pdp@lemmy.world 8 points 5 hours ago (1 children)

Sounds more like big corporations are the problem here

[–] infinitesunrise@slrpnk.net 5 points 4 hours ago* (last edited 4 hours ago) (1 children)

Why? Little corporations must comply with KYC law, too. They're all required to gather personal data. Big or small, the data hoarding is required.

[–] bacon_pdp@lemmy.world 0 points 1 hour ago

If a small business comply with KYC laws and gets breached, less than 1000 people get impacted. One would have to breach a million different companies to equal the scale of a single mega corporation.

[–] lyralycan@sh.itjust.works 7 points 5 hours ago (1 children)

This happens every now and then, new or old data, several accounts, sometimes billions. Far too frequently.

[–] bleistift2@sopuli.xyz 27 points 5 hours ago

If the GDPR were worth a damn, this leak of over 200M data subjects’ data should be more than enough to completely liquidate this company to pay for damages.