Secret... But generatable since 2009. [0] 2011 randomisation slightly reduced the risk, but not by much.

As many as 1 in 7 SSNs may have been accidentally used by more than one person. [1]

Unlike Australia's TFN or the UK's VAT, SSN has no self-check, making it rather easy to just... Generate one that works.

And all an API check of the number will tell you, is what an attacker would already have: DOB and Place of Birth.

[0] https://pnas.org/doi/full/10.1073/pnas.0904891106

[1] https://www.nbcnews.com/technolog/odds-someone-else-has-your...

> nearly all Americans now treat this as a Very Secret Number

I don't think that they actually do in practice. Last time I opened an account with Comcast they required your social security number. Same with an AT&T cell plan.

I'm not sure people treat this as a Very Secret Number. Certainly using SSNs publically has gone away, but people are willing to provide their SSNs to basically anyone that asks for it. Heck, some job applications ask for your SSN.

LOL.

Every single $&@ doctor's intake form: "We'd like to have you SSN".