Identity thieves used thousands of stolen SSNs to generate IRS e-filing pins

best tax software united states american taxes 1040 social security number ssn header
Attackers using malware and stolen personal information managed to generate 101,000 e-filing PIN numbers, according to the IRS. Affected taxpayers will be notified by mail, and their accounts will be monitored.

The attack, which happened last month, was carried out by attackers who already had access to the Social Security Numbers (SSNs) of 464,000 people, according to the IRS. An automated system, detected by the IRS, managed to generate 101,000 e-filing PIN numbers before the scheme was shut down.

The attack was revealed to the public yesterday via a statement from the IRS, which briefly outlined what happened.

“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers,” said the statement. “An E-file pin is used in some instances to electronically file a tax return.”

The IRS was quick to state that “no personal taxpayer data was compromised or disclosed by IRS systems,” and that the attackers had access to the SSNs prior to the attack. In essence, having access to the SSNs is what made the attack effective.

There’s a massive amount of leaked personal information available in online black markets, including databases of leaked SSNs. Would-be fraudsters are always looking for new ways to monetize this purloined data. And this is an example of turning raw materials — a database of social security numbers — into something potentially more lucrative — a database of working e-file pins. Stealing even a small fraction of that many people’s tax rebates would certainly be profitable, and seemingly valid e-file pins could go a long way toward making that possible.

The incident, which happened last month, was not related to last week’s brief IRS outage.

“IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration,” said the statement. “The IRS also is sharing information with its Security Summit state and industry partners.”

Online security is hard, but it is essential when it comes to tax data. Remember: keep personal information like your social security number to yourself, and never share it over email, IM, or social networks.

Product Review

The HP Chromebook x2 takes Chrome to the next level

HP’s Chromebook x2 acts a lot like Microsoft’s Surface Book 2, with a well-equipped tablet that plugs into a keyboard base that’s heavy enough to keep the combination mostly stable. Is this premium Chromebook the best one you can buy?
Emerging Tech

Wormlike motion sculptures show how athletes move in 3D

Researchers at MIT have developed a system that offers athletes a unique way to visualize their bodies in motion. An algorithm scans 2D videos of a person in motion, and generates data points that can be 3D-printed into "motion sculptures."
Computing

Windows improves handwriting-recognition skills at the peril of users’ security

A Windows file that is designed to help improve the platform's ability to translate your handwritten notes into readable text may be a security concern. One researcher found it contained passwords and email contents.
Emerging Tech

Crazy vending machine swaps computer art for your permanent selfie

Coder artist Matthias Dörfelt's camera-equipped vending machine swaps unique prints of computer-generated faces for the rights to upload your selfie onto the main Ethereum blockchain.
Social Media

Facebook is paying cash rewards if you find vulnerabilities in third-party apps

As part of efforts to put the Cambridge Analytica scandal and related issues behind it, Facebook said this week it's expanding its bug bounty program to include third-party apps and websites that could potentially misuse its data.
Computing

Pain in the wrists? Type in comfort with one of these great ergonomic keyboards

Long typing sessions can leave anyone's wrists aching, but if you have one of the best ergonomic keyboards, that doesn't have to be the case. Our list of favorites will support good typing posture while being comfortable to use.
Computing

Ripple cryptocurrency jumps 70 percent in 24 hours after news of bank deal

The Ripple cryptocurrency has seen its value reach the highest point since late 2017 after a tease from a Ripple Labs regulator suggested it could soon be adopted by banks for international money transfers.
Gaming

Dive head first into the best experiences available now on the Oculus Rift

The Oculus Rift brought back virtual reality and put a modern twist to it. Grab your Touch Controllers, put on your VR headset, and jump into the fun with some of the best Oculus Rift games available now.
Computing

Google tells lawmakers it allows other apps access to your Gmail

Google admitted to lawmakers in a letter that its privacy policy allows third-party apps access to the email messages of its 1.4 billion Gmail users. Google says the apps need the consent of users before access is granted.
Computing

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

Tired of paying for shipping? Here's how to set up an Amazon Prime account

Want to know how to sign up for Amazon Prime? It's easier than you might think and even comes with a free trial so that you can enjoy all of its benefits for 30 days risk-free. Just follow these steps.
Social Media

Twitter squashes security bug leaking direct messages since 2017

The team at Twitter has discovered and corrected a security bug within one of their developer APIs that has been leaking sensitive information sent via direct messages to business accounts.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…