> have been made available for free on the dark web<p>where on the dark web? that's the same as saying "on the internet" or "on social media"<p>edit: source article states Breach Forum<p><a href="https://www.resecurity.com/blog/article/massive-dump-of-hacked-salvadorean-headshots-and-pii-highlights-growing-threat-actor-interest-in-biometric-data" rel="nofollow">https://www.resecurity.com/blog/article/massive-dump-of-hack...</a>
El Salvador is training ground for the digital id/$/€; i wouldn't be surprised if it was done for that specific reason, to test infrastructure/prove a point
> but the breach appears to make Salvadorans relatively easy targets for cybercriminals looking to open accounts under assumed names, which would normally require them to gather other information contained in the leaked database<p>daily reminder that AML/KYC is a joke when you can just get a legitimate account with anybody else's info and access the international banking system<p>you would never be notified if someone simply made a <i>bank account</i> in your name, and never overdrafted it.
> data seems unlikely to help any hacker attempting to defeat an onboarding or access control system protected with presentation attack detection<p>No. But these people have been forever de-anonymised in photos and videos online, as well as in potentially every place on the planet with an integrated security-camera system.