Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Thieves Obtain 100,000 Electronic Filing PINs From IRS System (csoonline.com)

Posted by yaelk on Wednesday February 10, 2016 @06:30AM from the identity-theft dept.

itwbennett writes: In January attackers targeted an IRS Web application in an attempt to obtain E-file PINs corresponding to 464,000 previously stolen social security numbers (SSNs) and other taxpayer data. The automated bot was blocked by the IRS after obtaining 100,000 PINs. The IRS said in a statement Tuesday that the SSNs were not stolen from the agency and that the agency would be notifying affected taxpayers.

3 of 107 comments (clear)

Min score:

Reason:

Sort:

I have a datafile by buchner.johannes · 2016-02-10 06:33 · Score: 4, Funny

with ten-thousand 4-digit PINs. Interested?

--
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
1. Re:I have a datafile by Anonymous Coward · 2016-02-10 06:46 · Score: 1, Funny
  
  So you got hacker problems,
  I feel bad for you son.
  I got 9,999 PIN codes,
  but "1234" ain't one.
Re:Password Security 101 by amicusNYCL · 2016-02-10 07:04 · Score: 3, Funny

Since when do systems allow brute-force attacks on PIN numbers? Many systems have been locking out (or slowing down) logins after a certain number of failed attempts for a long time now.
Yes, and obviously the IRS is using such a system. They have a rule in their firewall which says something like "if the IP address makes 100,000 requests within a minute, then block it." Boom, problem solved. Intrusion Detection systems have come a long way, and the IRS is leading the way.

--
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black