Quote
Credit monitoring company Equifax has been hit by a high-tech heist that exposed the Social Security numbers and other sensitive information about 143 million Americans. Now the unwitting victims have to worry about the threat of having their identities stolen.
The Atlanta-based company, one of three major U.S. credit bureaus, said Thursday that "criminals" exploited a U.S. website application to access files between mid-May and July of this year.
The theft obtained consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers. The purloined data can be enough for crooks to hijack the identities of people whose credentials were stolen through no fault of their own, potentially wreaking havoc on their lives.
"On a scale of one to 10, this is a 10 in terms of potential identity theft," said Gartner security analyst Avivah Litan. "Credit bureaus keep so much data about us that affects almost everything we do."
http://www.foxbusiness.com/features/2017/09/07/equifax-143m-us-consumers-affected-by-criminal-cybersecurity-breach.html
I like how the execs knew about it in July, but waited to announce it until after they dumped their stocks in the company
more background
https://www.forbes.com/sites/thomasbrewster/2017/09/08/equifax-data-breach-history/#3854ddcc677c
http://gizmodo.com/hmm-i-wonder-why-these-equifax-managers-dumped-their-s-1802204611
What a bunch of bastards. I hope that they get pursued by the US regulator for insider trading breaches. >:(
https://twitter.com/zackwhittaker/status/906178254331142144
https://twitter.com/AGSchneiderman/status/906195350532304896 (https://twitter.com/AGSchneiderman/status/906195350532304896)
fyi
https://www.nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-instructions-are-confusing-heres-what-to-do-now.html
https://other98.com/equifax-is-shady-af/
QuoteAnd if you do enroll in their free trial, it's on you to remember that you signed up for the service. Because in a year you can bet your bottom dollar that Equifax is going to bill you. The free year of Trusted ID isn't some magnanimous enterprise; it isn't even a consolatory gesture. What it is is a shameless way to get more people to pay Equifax for their services in the wake of a disaster Equifax created.
Next, the site has some really weird behavior that has made a lot of people wonder if it even does the one job it's supposed to do in the first place.
Here's what I mean: in order to check if your personal data was compromised, the site asks for two pieces of data: your last name and the last six digits of your Social Security number. So, I went ahead and entered some made up information (Last name: Smith, SSN: 123456), and the site returned a positive result.
That's right, it told me that the fake personal information I entered had been compromised in the breach.
The "check" doesn't do anything other than recommend you sign up for their credit monitoring service. You can enter completely bogus info (even non-numeric characters for the last 6 of the SSN) and the site behavior is exactly the same as if you entered your correct info. Once you sign up for the credit monitoring service the TOS agreement forces you to waive your rights to litigation against Equifax for their data breach.
So the site they set up for customers to see if they were affected is a total fraud.
QuoteWhat's more, the website www.equifaxsecurity2017.com/ (http://www.equifaxsecurity2017.com/), which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.
https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/
The negligence on Equifax's part is astounding.
https://yro.slashdot.org/story/17/09/10/0128214/techcrunch-equifax-hack-checking-web-site-is-returning-random-results (https://yro.slashdot.org/story/17/09/10/0128214/techcrunch-equifax-hack-checking-web-site-is-returning-random-results)
https://nakedsecurity.sophos.com/2017/09/10/equifax-woeful-pins-put-frozen-credit-files-at-risk/
https://twitter.com/webster/status/906638411930497029 (https://twitter.com/webster/status/906638411930497029)
https://medium.com/@frankiegbaby/apology-from-equifax-ceo-tom-equifax-393beb5c8dfe
QuoteGood morning, America. I'm Tom Equifax, founder & CEO of Equifax. As you've probably read, a hacker recently gained access to a couple of files, which contained extensive personal & financial information for 143 million Americans. It even had some Social Security and credit card numbers in it, which is going to mean big trouble for a whole lot of people. And I'm sorry that any of you think I give a shit.
I mean, look. I even put this apology behind a paywall. That's how much I don't care. Really, my misanthropy should be obvious. If I cared about people, would I get rich running a company that reduces people to a number? A number based partly on whether you owe corporations enough money? We literally decide if you're worth anything to society, and it has nothing to do with what you do, or think. Saving a baby from a fire doesn't help your credit score at all. Credit score companies are evil, and I love running mine. So why would I care if we lost enough data to ruin 143 million lives? I work on ruining all your lives, every day. This is a freebie. This is boner material. Just imagine how many fraudulent lines of credit are gonna come out of this! I'm gonna get to drop so many of your scores, based on things you didn't even do. And it's gonna be awesome.
Some of you have probably realized by now that Equifax was founded 118 years ago, and you're wondering how I, founder Tom Equifax, am still alive. It's because I use dark magicks to convert the sorrows of the poor into vital essence. And so long as Equifax remains in operation, there will be more than enough poor-sorrow to keep me alive, underground, in a bunker, where I will sleep through the coming nuclear apocalypse, and re-emerge to rebuild society as its new God.
Why did I decide to use poor-sorrow, instead of rich-sorrow? Because fuck poor people. You heard me. Don't act surprised! I obviously hate poor people. All credit scoring companies do. Credit scores only really hurt poor people & middle poor people (that's what I call the "middle class"), and that's on purpose. If you're rich, the score doesn't really matter, because you have enough collateral for anything, or you can just make a bigger down payment! Donald Trump has a horrendous credit score, and it doesn't matter. Never did, never will. A billionaire with terrible credit gets to be President & tear this planet down, and your unemployed ass can't even get a used car. Credit scores are really something, aren't they folks?
You know, if I had things my way, you wouldn't be able to know your life-number without paying us. You only get that one free report a year because the stupid government makes us. In a better world, in the world I will build once this one burns in atomic hellfire, the mutant survivors will just never be able to rent an apartment or get a loan, and they'll never know why. They'll walk around with an ever-present sense of doom & dread, wondering if today's the day their hidden society-rating drops too far for them to keep on living. That's the Equifax dream.
So, 143 million people now have to worry about their lives being stolen out from under them. Because we're allowed to know everything about you, but we can't be bothered to be responsible, because we hate you. I can already feel the poor-essence flowing.
Get bent suckers,
FUTURE-GOD TOM EQUIFAX
https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/
They actually used 'admin' as a password for one database. What maroons! :DD
Quote from: OJsDad on September 15, 2017, 04:53:17 PM
They actually used 'admin' as a password for one database. What maroons! :DD
Thanks for reminding me to change my passw0rd! 😉
The first hacks occurred back in March.
A number of federal agencies are opening investigations, including the selling of shares before the announcement.
I shed tears laughing so hard at reading Medium.com's satire there. :notworthy:
Equifax announces hack and 3 weeks later is awarded a government contract for identity management
https://qz.com/1094442/equifax-efx-built-the-irss-login-system-that-was-hacked-in-2015-and-the-irs-just-renewed-its-contract/ (https://qz.com/1094442/equifax-efx-built-the-irss-login-system-that-was-hacked-in-2015-and-the-irs-just-renewed-its-contract/)