We should start thinking of these breaches in terms of their accumulated impact. It's not the 1990s anymore, where data is difficult to store and networking too slow to move it.
We should assume the leaked data doesn't go away; that instead people out there are consolidating Equifax data with Vastaamo data, adding data from Exchange hacks and the Accellion hack, to cross-reference with data from Facebook... it's like water flooding a levee now, instead of evaporating.
Honestly sounds like a fun job for future historians. By aggregating all the leaks over a long period, how much of a person can you reconstruct?
For example even though I am using a throwaway account, HN's logs might one day get compromised. So now they can join the IP address to other compromised sites that I was logged into using my usual email. And from my email they already have my name, SSN, address, phone number, usernames, passwords, etc, exposed from prior breaches. But now they know about my shitposts too.
That's exactly my point. I think I am safe on HN because I'm using a random user name with no email attached. But their logs definitely have my ip address and that ip address will be common across other compromised logs on other sites, some of which I might be logged into with a real email (this is true regardless of incognito mode since it's the same computer).
We should assume the leaked data doesn't go away; that instead people out there are consolidating Equifax data with Vastaamo data, adding data from Exchange hacks and the Accellion hack, to cross-reference with data from Facebook... it's like water flooding a levee now, instead of evaporating.
Not the first time I've harped here about this (ie: https://news.ycombinator.com/item?id=26604753, https://news.ycombinator.com/item?id=24586258), but I hope we start planning for that kind of future.