'

PSA: Stop uploading your bitcoin wallet keys and credit cards to file-sharing sites

You'd be surprised at how many people do it daily.

qr-wallet.jpg

Stop putting your sensitive data on the internet.

What's the first thing you do with a new credit card?

Peel off the sticky label on the front and activate it? Rush to the store to try it out for the first time? Or, do you post a photo of it (both sides!) to social media for the world to see?

One of those answers was a big "no-no."

That said, you'd be surprised at how many people do it daily.

In the past week, we were alerted to a high-profile file sharing site, which lets anyone search other users' uploaded files. You name it -- it's there -- and credit cards are just the tip of the iceberg of sensitive files.

We spent a few hours searching the site with common search terms, and we found a ton of sensitive information -- beyond credit cards -- including completed tax returns (with names, addresses, financial information, and Social Security numbers), scanned passport photos, and password lists, which, if used, could allow an attacker access to online accounts. We even found bitcoin wallet private keys, making it easy to hijack entire wallets full of bitcoin and other cryptocurrency. The results would regularly include explicit images, regardless of search terms.

chase-left.png

A debit card posted the same day as this story was published. (Redactions added by ZDNet. You're welcome, Mr. Love.)

That kind of exposed data puts anyone whose information is out there at risk of theft, credit card and tax return fraud, identity theft or impersonation, and extortion.

We're not naming the site, because the sensitive data remains online. The site did not respond to a request for comment prior to publication.

File-sharing sites have long been a semi-lawless corner of the internet where almost anything goes. Many previously popular sites no longer exist -- often shutdown for violating piracy laws for taking an unmoderated and lax approach to removing copyrighted movies and music. Others preemptively pulled the plug on their own accord, for fear of also facing criminal charges.

Of the few that still exist, nearly all have been at the center of privacy breaches. More often than not, it's been as a result of careless uploading by the user themselves.

I know -- hell, even you know -- this shouldn't need to be said, but please stop putting your personals on the internet.

With enough exposed data out there already, don't make it any easier for the criminals.

Got a tip?

You can send tips securely over Signal and WhatsApp at 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More