Posting Personal Information Online (Specifically on PasteBin)

in #security, 7 years ago

Now, of course everyone's heard that whole "personal information" talk since the day their mother started berating them about it. We all know that personal information can be used against you in various ways - stealing bank accounts, hacking online accounts, and even identity theft. All these situations are very frustrating events to go through.
I've covered this topic before to a certain degree, so today I'll be focusing on PasteBin itself with regard to this specific issue, since it seems that a lot of people still don't realize this.

What is PasteBin?

According to the website itself:

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

I've sure used it in the past when I wanted to send some text document script to someone without having to clog up an entire chat. I could just simply send them a link to this. The vast majority of the "pastes" are scripts, some are random encoded characters, and others are secret game information/setups. Nothing too out of the ordinary, really. You have the freedom to post whatever you want to on there.
However, this is where the issue comes in...

The Issue

The issue is that people are posting sensitive information on PasteBin for all the public to see. Anyone who just happens to be on PasteBin at that moment can see what you've posted if you make it public (which is the default setting). There is an option to set the paste as unlisted, but it seems that these people don't know how to use it. Or maybe they are doxxing someone on purpose? Whatever the intent, personal and sensitive information is being pasted there every minute. A quick look through the list of latest public pastes will likely turn up something a malicious actor can use against you.

What I've Found

So I decided to take half an hour or so and slog through the entire list of new pastes. This wasn't exactly such a menial job, but it was pretty boring at the start to just look at random scripts for which I had no use. Then, suddenly, I clicked on the latest paste and a long list of emails and passwords showed up. Gotcha! Twitter accounts such as dumpmon and websites such as HaveIBeenPwned continually scan pastes for stuff like this. Even though I knew I shouldn't and probably even couldn't use these hacked addresses, it gave me some hope that there was more interesting stuff on the horizon. And so it was.
Among all the scripts, game information, fanfiction stories, and random pastes I saw on there, I found these:

  • More login details for various websites and email accounts.
  • ID/SS Numbers of various men written mostly in Arabic.
  • Letters people wrote to others which contain some personal information.
  • The private key to an SSL certificate (can potentially be used to hack a website).
  • A PayPal transaction with all personal details and credit card number included.
  • A gym membership letter that contained a person's full name and address.
  • A website's FTP access details (website contained personal pictures and details of the person who owned it).
  • Game server passwords.
  • And much, much more.

Note: I always try my best to notify the people affected by these sensitive pastes. I make sure to never save any of that info so that I can't use that information in the future, even if I wanted to.

Lesson Learned

So, lesson learned! Never paste sensitive information publicly online like that. You can make an unlisted paste if you want to, but that still doesn't guarantee absolute security and privacy. Rather, use better means such as encrypted messengers.
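
One way to act on this lesson is to check text before pasting it anywhere public. The sketch below is an added example, not part of the original post: it flags several of the kinds of data listed above (email/password pairs, credentials embedded in URLs, card numbers, private keys). The names `PATTERNS`, `luhn_ok`, `scan` and `SAMPLE` are hypothetical, the sample text is constructed, and the patterns are illustrative rather than exhaustive.

```python
import re

# Line-level patterns for content that should never go into a public paste.
PATTERNS = {
    # PEM header of a private key (RSA, EC, PKCS#8, OpenSSH, encrypted).
    "private key": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    # Credential-list style lines: address, then ":", ";" or "|", then a secret.
    "email:password pair": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\s*[:;|]\s*\S+"),
    # URL with embedded credentials, e.g. ftp://user:pass@host
    "credentials in URL": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@", re.I),
}
# 13-19 digits, optionally grouped with spaces or dashes.
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def scan(text: str) -> list:
    """Return (line_number, finding) pairs for lines that look sensitive."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        findings += [(n, name) for name, rx in PATTERNS.items() if rx.search(line)]
        for m in CARD.finditer(line):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.append((n, "payment card number"))
    return findings


# Constructed sample text, not real data.
SAMPLE = """\
server notes for the weekend
alice@example.com:hunter2
upload via ftp://deploy:s3cret@files.example.com/site
card 4111 1111 1111 1111 exp 01/30
order id 1234 5678 9012 3456
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The Luhn check is what keeps the order id on line 5 of the sample from being reported as a card number. An empty result does not mean the text is safe to paste: names, addresses and letters like the ones described above will not match any pattern.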
