Slashdot Mirror

← Back to Stories (view on slashdot.org)

TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results (techcrunch.com)

Posted by EditorDavid on from the discredit-reports dept.

An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- equifaxsecurity2017.com -- is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.
TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.
Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."

7 of 176 comments (clear)

  1. Do the math by Applehu+Akbar · · Score: 5, Funny

    The judgement Equifax will have to pay for this breach is massive. Unfortunately, the probability of it staying solvent enough to pay anything is the reciprocal of this amount.

    1. Re:Do the math by arth1 · · Score: 5, Funny

      $20 towards signing up for TrustID, I'm sure. Taxes and other fees apply.

    2. Re:Do the math by mentil · · Score: 3, Funny

      Nah. Carly, Elop or Meg will take over for a while until they're bought out by Verizon. All the data owned by Equifax will then be used for yet another Verizon targeted advertising scheme, because apparently Verizon wishes it were Google.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    3. Re: Do the math by Hognoxious · · Score: 2, Funny

      If he hadn't invented the internet this hack wouldn't have occurred. Therefore, Obama is a Kenyan. QED.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:Do the math by shentino · · Score: 5, Funny

      I'm afraid Monsanto has a patent on that

  2. Faster method by Tablizer · · Score: 4, Funny

    Just ask the Nigerian prince. Quick turnaround if you help him with a little banking snafu.

    --
    Table-ized A.I.
  3. Re:The Experian hotline by arth1 · · Score: 5, Funny

    STOP SAYING PIN NUMBERS

    Yes, he should have said personal PIN number, so it's not mistaken for a corporate PIN number.