Whistleblower Says Doge Officials Copied Social Security Numbers

Posted4 months agoActive4 months ago

blueridge

94 points

60 comments

npr.orgNewsstory

heatednegative

Debate

80/100

DogeData_securityWhistleblower

Key topics

Doge

Data_security

Whistleblower

A whistleblower's allegations that Dogecoin (DOGE) officials copied Social Security numbers have sparked a heated debate about the long-standing reliance on these numbers as unique identifiers. Commenters are divided, with some, like emsign, condemning DOGE's actions as "criminal" and "illegal," while others, like d--b, suggest that the real issue is the continued use of Social Security numbers as "secret" identifiers. As the discussion unfolds, a surprising concern emerges: themafia's theory that the exfiltrated information might be used to train AI models, which emsign finds "realistic." Amidst the controversy, many are calling for a shift away from Social Security numbers, with some advocating for their use as public usernames and others highlighting their lack of uniqueness.

Snapshot generated from the HN discussion

Discussion Activity

Very active discussion

First comment

36s

Peak period

0-12h

Avg / period

6.2

Comment distribution31 data points

Loading chart...

Based on 31 loaded comments

Key moments

01Story posted
Aug 27, 2025 at 1:50 AM EDT
4 months ago
Step 01
02First comment
Aug 27, 2025 at 1:51 AM EDT
36s after posting
Step 02
03Peak activity
24 comments in 0-12h
Hottest window of the conversation
Step 03
04Latest activity
Sep 2, 2025 at 1:02 PM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (60 comments)

Showing 31 comments of 60

d--b

4 months ago

3 replies

Perhaps it is time that the US stops relying on SSNs being “secret”…

2OEH8eoCRo0

4 months ago

1 reply

They should be considered unique (public) usernames

msgodel

4 months ago

1 reply

My understanding is that they're not even guaranteed to be unique.

datadrivenangel

4 months ago

2 replies

Yup. They get reused, and people can get new ones or sometimes multiple at the same time...

Xss3

4 months ago

1 reply

Why? Are they stupid?

msgodel

4 months ago

Yes. The whole idea is very flawed. It would be good if we got rid of it entirely but most people can't mentally/emotionally/financially handle that so we end up with a lot of bad compromises.

2OEH8eoCRo0

4 months ago

2 replies

Source? From what I can gather they're supposed to be unique and they don't reuse them. If two people have the same number then it's a mistake.

datadrivenangel

4 months ago

"Under a few rare circumstances, SSA may legitimately issue a new SSN to a person with a prior SSN. The conditions are highly restrictive."

https://www.ssa.gov/policy/docs/ssb/v69n2/v69n2p55.html

dragonwriter

4 months ago

> From what I can gather they're supposed to be unique and they don't reuse them. If two people have the same number then it's a mistake.

Yes, it is a mistake for two people to be issued the same number and it is unusual for multiple to be issued to the same person.

However given the very large volume and the conditions under which things have happened (not just currently but back to 1936!) both mistakes and unusual conditions exist in numbers that cannot be ignored.

XorNot

4 months ago

ED25519 keys being short and quick to generate makes this state of affairs infuriating whenever it turns up - SSNs, credit card numbers etc.

emsign

4 months ago

Doesn't change the fact that DOGE are criminal scumbags with root access who did illegal things nobody should ever do. It doesn't matter at all if SSNs were replaced by something decent when young naive and impressionable scumbags with root access and no morals whatsoever will simply steal the data anyway. Quite the contrary even, secure SSN as data loot is even more valuable to the thieves.

themafia

4 months ago

2 replies

My deep suspicion, given some of the players involved in DOGE, is that most of this information is being exfiltrated for the purposes of training AI models. They'll likely be used for social and political manipulation of groups and possibly even individuals. There's a big market for "pre-crime" solutions which will also rely heavily on this type of data and are already being deployed by various state-level law enforcement agencies.

The coming of the "digital caste" society powered by "social credit" scores seems to be the end game. This is a battle of the rich and powerful against the average citizen and they want to reduce all of us back into fiefdom. We can no longer trust a large federal or even state government with these tools.

emsign

4 months ago

1 reply

This is a realistic concern. I can't understand why peopleare downvoting it.

matheweis

4 months ago

2 replies

There are at least two reasons:

First is Hanlon’s Razor; “Never attribute to malice that which is adequately explained by stupidity”. It appears to be especially applicable here.

Second is that this kind of information (with far richer data) is already accessible to and used by corporations at scale; think credit bureaus, background checkers, etc.

tyleo

4 months ago

I agree with Hanlon’s Razor to some extent but it does fail to provide accountability, “they aren’t cruel, just incompetent so the behavior is okay.”

aeve890

4 months ago

>First is Hanlon’s Razor

Those "razors" (Occam's, Hanlon's, etc) are just heuristics, not axioms. At what point you're supposed to stop assuming root cause is just stupidity? given the priors one can perfectly asume malice right away.

xtiansimon

4 months ago

1 reply

Is there talk about DOGE working to combine various government databases as a new data project for the government?

xtiansimon

4 months ago

Oh Boy. Saw the links today—Maybe it’s the National Design Studio?

I worked in marketing during Web 1.0–the brochureware era. I know all too well the difference between then and the modern web today.

What’s the point if it’s not to unify design AND data?!

0xy

4 months ago

4 replies

Copied from one secure S3 bucket to another secure S3 bucket, both inaccessible from the internet, both on SSA infrastructure.

What exactly is the problem?

anonymousiam

4 months ago

1 reply

Wrong political party involved in doing it?

jackstraw42

4 months ago

Surely this is ragebait.

afavour

4 months ago

1 reply

> However, according to the complaint, the copied data had far fewer security measures in place to protect it than the SSA's standard protocols typically require.

> According to Andrea Meza, an attorney with the Government Accountability Project who represents Borges, the cloud environment appeared to be set up for DOGE-affiliated Social Security staffers, but it "lacks independent security, monitoring and oversight." She said Borges "has serious concerns about the vulnerability it causes for nearly every American's data."

Not all applications of "secure" are equal.

Cthulhu_

4 months ago

It may be secure enough for being on S3, but that's not the whole definition of secure for government / SSNs, where there's (presumably) sheaves of paperwork explaining what exactly the storage needs to conform to and, more importantly, what paperwork and procedures need to be in place.

saagarjha

4 months ago

There are processes for copying data around. The person who works the front desk at Google doesn't have access to all of Gmail, for example.

billy99k

4 months ago

It's about as secure as you can get and there are still complaints about it.

All from the same people that said we had the most secure election in history in 2020 while ignoring the voting machine hacks at Defcon for the last decade.

billy99k

4 months ago

2 replies

It'd hard to believe anything NPR reports about the current administration because they defunded them.

jfengel

4 months ago

1 reply

That seems to be a self-fulfilling strategy: punish your enemies, and then they can no longer be trusted when they say negative things about you.

billy99k

4 months ago

"punish your enemies, and then they can no longer be trusted when they say negative things about you."

This was done to the Republicans for 4 years. I suppose he's just using the same strategy?

NPR wouldn't report on things that would actually hurt the Biden administration, like the laptop, so why should I believe them now? I haven't trusted them for years...the fact that my tax dollars aren't paying for it anymore is only a bonus.

This is why they can't be trusted: Non-biased reporting will report bad things about a politician they support, even if it helps the person they don't support.

In addition to this, the actual article is a nothingburger. They moved secure information from one non-Internet connected server to another. If this is the standard for security reporting, the violations found during the 2020 election should have been front-page news for weeks...but they were strangely silent..............

seanicus

4 months ago

Same admin that opposes any real reporting on what they're doing except for entities that report glowingly on them. Trump Admin has loudly clashed with any and all legit journalistic entities (bad news: Newsnation and Zero Hedge are conservative hacks) so no reporting can be believed except ones approved by the state/Trump admin.

gnabgib

4 months ago

Discussion (123 points, 16 hours ago, 54 comments) https://news.ycombinator.com/item?id=45026372

JohnTHaller

4 months ago

Link in case the pro-DOGE brigade brings it down: https://www.npr.org/2025/08/26/nx-s1-5517977/social-security...

29 more comments available on Hacker News

View full discussion on Hacker News

ID: 45035856Type: storyLast synced: 11/20/2025, 4:41:30 PM

Want the full context?