Slashdot Mirror
TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results (techcrunch.com)
An anonymous reader quotes security researcher Brian Krebs:
The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- equifaxsecurity2017.com -- is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.
TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.
Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."
TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.
Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."
I look forward to my "massive" $5 gift certificate.
Right the big problem here is that there is not cost to the agencies to getting it wrong. If the report inaccurate information about it, it may cost you big, costs them nothing.
The 'free credit report' solution was BS. I it should not be my responsibility to verify on a regular basis some entity isnt spreading material falsehoods about me. Mind you making it my responsibility might be the only practical way, if we give the credit agencies the doubt and assume they at least try to get it right, they have no way to address the problem. They need to be penalized for forwarding bad information in some way. Maybe that is making it extra easy for libel(like) civil suits to succeed against this type of a business, with lower standards of proof of harm.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html