Slashdot Mirror

← Back to Stories (view on slashdot.org)

Equifax's App Has Disappeared From Apple's App Store and Google Play (fastcompany.com)

Posted by msmash on from the mystery-continues dept.

From a report: Equifax's mobile app has been removed from both the iOS and Google Play app stores. According to data from AppAnnie, the app was taken down the same day Equifax announced its massive security breach (September 7). Now customers no longer have access to Equifax Mobile. For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available. We don't know why the app came down, though Fast Company has confirmed Apple was not involved with the decision to remove Equifax from the App Store.

33 of 73 comments (clear)

  1. Obligatory Nelson by DontBeAMoran · · Score: 1

    HA HA!

    --
    #DeleteFacebook
    1. Re: Obligatory Nelson by Anonymous Coward · · Score: 1

      "Now customers no longer have access..."

      Despite what people think, consumers are not their customer.

    2. Re: Obligatory Nelson by forkfail · · Score: 2

      Despite what people think, consumers are not their customer.

      Technically, I am a customer. Due to other data breaches, I wound up on their credit monitoring plan. Therefore, a bill is being paid to them to provide me with credit alerts and such. This means that not only did they lose my data, but now, as a result, they are not providing the advertised services that are being paid for.

      (Of course, I only go to their website and access this data via a secure desktop browser from a trusted network and never from my phone, but still.... )

      With this said, your point is well made. They are an organization that collects massive amounts of PII data without the consent of those whose data is collected and stored. For them to call the 99.9% of the population that does not do business directly with them "customers" is, to say the least, a deceitful misnomer.

      --
      Check your premises.
  2. Probably winding up the company by The123king · · Score: 4, Insightful

    After a breach that big, it's hard to see them coming out of the other side as a financially sound company. Especially since it's an agency the deals with credit ratings. If you can't trust them to keep your data secure, is there any point having business with them?

    I'll be here waiting for the news of their bankruptcy

    --
    If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
    1. Re:Probably winding up the company by cant_get_a_good_nick · · Score: 5, Interesting

      What's this about trusting them? Did you ever fill out a form and say "please hold all my data?" Nope. You have no choice in the matter. It's not about consumer trust. Consumer trust has nothing to do with them making money. Only if their real customers (yes, you're the product) drop them will they have to change. This is a case only where losing money will effect change. But you and me will get a buck or two and only the lawyers will get rich.

      Also, see Axciom. Another company with a huge amount of data about you, data they pull from various sources without you saying "please develop a profile on me to sell me new things". If they had a data breach, same thing - us normal folks would bitch and moan but no real change.

      Or we can have the Trump administration have real laws protecting consu,......... nah, I couldn't even type the whole sentence out without laughing too hard to finish it.

    2. Re:Probably winding up the company by AlanObject · · Score: 3, Interesting

      I'll be here waiting for the news of their bankruptcy

      I'll be here waiting for news of what happens to all the Equifax executives that dumped their stock in the last several months. Somehow I missed that part of the story until just recently but if there weren't securities regulations broken there then there are no securities regulations..

    3. Re:Probably winding up the company by Known+Nutter · · Score: 1

      But, but, they didn't know about the breach when they dumped their stock.

      --
      Beware of the Leopard.
    4. Re:Probably winding up the company by DarkOx · · Score: 3, Insightful

      See honestly its hard for me to see how they will be financially hurt by the breach.

      A lot of noise has been made by execs selling stock. The thing is look at the pattern of these big breaches. All the major one have pretty much regained their market cap at some point. TJX, Target, Home Depot, PF Changs, the list goes on. Those are retail and by and would be pretty easy for consumers to avoid if they really cared to do so. They don't. The market has actually said breaches don't matter! There is a short term panic where everyone stays away and than they rapidly forget, and return to their old habits.

      Equifax is better positioned then retail to weather this. I mean sure you can decide you are not paying to have you FICO score included on your annual free credit report! Wow that'll show'em! Its a tiny portion of their business. Otherwise their customers are not consumers but corporate lenders and large employers. In the end they care if the data they are getting on YOU is accurate, not how well its controlled. They will either go with the cheapest mostly reliable source or they are using multiple agencies and will probably continue to use Equifax.

      Personally the CXOs that sold stock are probably smart, they know they can take profits today and probably buy it back cheaper next month sometime and ride it all the way back up to previous levels! Why because the fundamentals have not changed any so its almost a sure bet. Heck the moment I hear CONgress isnt going to do something crazy i'll probably buy too! Pretty much some kind of government intervention is the only thing that could actually hurt them as result of this.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    5. Re: Probably winding up the company by The123king · · Score: 2

      In that case, they've just leaked their income all over the internet. Why would i pay for thei services when all that data is freely available on the web?

      --
      If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
    6. Re: Probably winding up the company by ichimunki · · Score: 2

      This is it exactly. 100% Couldn't agree more.

      If I were obtaining someone's credit report from Equifax at this point, I'd actually consider it MORE likely to be accurate since everyone's poring over their own records to make sure everything's OK. The hack didn't create, update, or delete data, just read it. At least as far as we know... and because of the hack, the data itself is under more scrutiny than normal.

      The whole thing smells like a fantastic way to sell credit freeze and credit monitoring services. Just another modern protection racket.

      --
      I do not have a signature
    7. Re:Probably winding up the company by cant_get_a_good_nick · · Score: 2

      As far as #1 goes, I know you're not going to listen, but of course a President has an agenda. Besides executive orders, which Trump has done exclusively since he can't organize his thoughts to get anything through Congress, they can drive things through Congress. Do you call the ACA "ObamaCare"? If so, you agree a President can have a "law" and drive it through Congress.

      Anyways, more importantly, as far as 2 goes, I need to trust them because they affect my life. Mortgage? Need to trust Equifax. Get a job? Need to trust Equifax if a potential employer checks my credit. Or yes, I can pay money to make sure they do their job. Such a racket.

    8. Re: Probably winding up the company by Anonymous Coward · · Score: 1

      Because no bank is going to lend you money based on some shit that's in a file they had to download via BitTorrent.

    9. Re:Probably winding up the company by whoever57 · · Score: 1

      If you can't trust them to keep your data secure, is there any point having business with them?

      You don't do business with them. You are not the customer, you are the product.

      Banks and other companies do business with them. They sell your private data to the banks, financial institutions, employers, private investigators, etc.. Do the real customers have any real interest in your data being private?

      --
      The real "Libtards" are the Libertarians!
    10. Re:Probably winding up the company by thegarbz · · Score: 2

      Personally the CXOs that sold stock are probably smart, they know they can take profits today and probably buy it back cheaper next month sometime and ride it all the way back up to previous levels!

      Yep, obvious insider trading is really "smart". It's like MBA level of "smart".

    11. Re:Probably winding up the company by LeftCoastThinker · · Score: 1

      The best way to put the fear of god in these companies is to name every company that sent them credit reporting information. Go after their real customers to the tune of $1000 per identity stolen from Equifax, an identity (and credit info) provided by one of Equifax' co-conspirators. When their customers who provided Equifax this information are named in the legal suit are facing millions of dollars in damages, you can bet your ass that Equifax pipleine of customers and credit reporting information will evaporate, and then Experian and Trans Union will both get a lot more serious about data security.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
  3. Customers are being given the "run around..." by bogaboga · · Score: 1

    For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available.

    Someone is responsible for this mess. Especially the unfortunate message that leads nowhere...Why do companies do this?

    1. Re:Customers are being given the "run around..." by DarkOx · · Score: 1

      The app was withdrawn. So the update manager directs you to the app store. Now I guess it could be a little smarter and give you a message like "This app has been withdrawn, its recommended you remove it from your device".

      If Apple removed it from your device for you'd be screaming bloody murder! So on balance I'd hardly call this a mess. Its not ideal but its damn near doing the right thing and keeps the implementation simpler.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    2. Re:Customers are being given the "run around..." by RandomFactor · · Score: 1

      Consumers aren't their customers to 'get [their] credit services elsewhere.' This is a business to business market.

      Consumers don't ask credit agencies to collect their information in the first place. These agencies doxx citizens without consent(*) and then sell the information on those citizens to 3rd parties.

      The free market can only fix problems where the alternatives are somewhat comparable. In this case the choices for consumers are passively opt-in to credit reporting or actively avoid participating in society at a significant level. That's not a real choice so the market can't fix it.

      Frankly, a plague on both parties. Regulate (D) vs. Don't-Regulate (R) is incorrectly seen as a binary choice. Promoting competition is the alternative that works for consumers in the long run - find what needs to be tweaked so the market is competitive and tweak that.

      (*) I'm aware it's buried in fine print on every credit/debit card and bank account ever. That sort of encumbered consent imposed by unequal parties in contracts is abusive and eliminating that is where there is a legitimate role for government.

      --
      --- Mercutio was right.
  4. We'll see on this by sasparillascott · · Score: 1

    Frankly they have alot of friends in Washington (both parties) that they pay alot of money to - to buy off. The administration is loaded with people from the financial sector. I wouldn't be surprised to see them come out the other side of this with not much more than a slap on the wrist and a big gain of customers in their yearly credit monitoring service that folks will pay for after that first free year.

    I'd prefer your prediction, but after seeing the consequences for the firms and leadership that caused and participated in the financial crisis I have very little faith in real justice happening at these levels of money and power, particularly in the financial sector.

    Probably took the apps down cause the outside audit team noticed the apps were sending and receiving the financial / credit data in plain text to the customers (to go along with their security codes turning out to just be time stamps). /s

    1. Re:We'll see on this by phalse+phace · · Score: 5, Informative

      Frankly they have alot of friends in Washington (both parties) that they pay alot of money to - to buy off.

      This is so true.

      Equifax Lobbied for Easier Regulation Before Data Breach

      Sept. 11, 2017

      Equifax Inc. was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach.

      Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies.

      The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company’s reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.

      Equifax’s political-action committee made contributions to 13 members of the Financial Services Committee during the 2016 election cycle, according to data from the Center for Responsive Politics. Among the recipients was Committee Chairman Rep. Jeb Hensarling (R., Texas), who received $1,000. Last Friday, he called for his committee’s hearing into the breach.

      Rep. Blaine Luetkemeyer (R., Mo.), chairman of the Financial Institutions and Consumer Credit subcommittee that directly handles matters relating to the reporting companies, received $2,000. Also receiving $2,000 was Rep. Barry Loudermilk (R., Ga.), sponsor of the bill that would place a $500,000 cap on the statutory damages consumers could win in a lawsuit against the credit-reporting companies, as well as eliminate punitive damages against them entirely.

      The Equifax PAC also gave two additional $1,000 donations to Rep. Luetkemeyer this year, in April and June, according to Federal Election Commission records. The April donation was eight days before Rep. Loudermilk’s bill was introduced.

      At last week’s hearing into the liability limits bill and other regulatory overhaul measures, Chi Chi Wu, a staff attorney for the National Consumer Law Center, said the proposed legislation “drastically decreases the consequences for credit bureaus” when they violate the law.

      Equifax has also lobbied on changes to rules governing companies that promise to “repair” consumers’ credit. A separate bill pending before the Financial Services Committee would allow credit-reporting companies to offer credit-education and identity-protection services without being subject to rules governing credit-repair companies.

  5. the real problem there.... by Anonymous Coward · · Score: 3, Insightful

    The real problem isn't "the equifax app", whatever the fuck that is. The real problem is:

    For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available.

    Do not allow ANY company that much control over your computing environment. If they don't abuse it today, they will tomorrow. Today it may be some stupid shit you don't care about. Tomorrow it will be something you do.

    Personal computing used to be in the hands of its owners. If we all decide it's OK to give that control away and centralize all decision making, that is saying China has the right model about centralized control, and the model that existed from the dawn of the personal computing era in the 1970's that empowered users instead of companies was wrong.

  6. Maybe Equifax App Hacked Too and Leaked Data by Anonymous Coward · · Score: 1

    Perhaps, the Equifax app was hacked and leaked credit records of others. It's possible that Equifax security was compromised in more than one way, which makes this story even worse. Furthermore, it wouldn't surprise me if Experian and TransUnion have been hacked too, but it's just been publicized yet.

    Credit freezes should be free and simple to request; default would be even more ideal. As of now, in many states, one must pay much as $15 per freeze and again to thaw. Price varies widely from state to state.

    Interesting how the major credit bureaus can easily offer credit freezes for free in states that require it. So it's not that they can't, but rather won't; a money grab. Prime example of government corruption (aka lobbying; legalized bribery) putting corporate interests ahead of citizens. It's no wonder so many don't respect nor trust government, but I digress. Hopefully, some good comes out of this, but as many already point out, there will likely be some government hearings, small fines, and little else. Maybe this time will be different.

    1. Re:Maybe Equifax App Hacked Too and Leaked Data by ichimunki · · Score: 1

      Credit freezes should be free and simple to request; default would be even more ideal. As of now, in many states, one must pay much as $15 per freeze and again to thaw. Price varies widely from state to state.

      In fact, given all the bullshit ways the commerce clause is used, it ought to be a no-brainer for congress to pass a law requiring the agencies to provide these at some set rate, and to legislate that in cases where direct loss of data can be linked to attempted misuse the "consumer" must be given free credit monitoring services and free freeze/thaw services for some period of time. Obviously there can't be any legislation that would affect this breach directly, but for the future...

      Equifax, TransUnion, and Experian are inherently operating across state lines and, as such, this shouldn't even be a state-by-state question.

      --
      I do not have a signature
  7. Open question by Lucas123 · · Score: 1

    Is the problem with mass corporate collection of sensitive consumer data that there are insufficient laws to either require opt-in or at least opt-out standards, and then once that data has been collected that there are no statutes surrounding how that data is secured?

    I'm simply dumfounded that a $3 billion company like Equifax could allow their data security to be so lax, and at the same time it feels as if somehow they'll walk away with a slap in the wrist with a fine that amounts to the money it would cost them to provide a month's worth of corporate executive lunches.

    Does anyone have any ideas as to how these corporate data collectors already are or could be pressured in the future to use industry standards or best practices to secure consumer data and what laws govern their punishment when they fail to implement those standards, which results in a data breach?

  8. We're not the customer by Anonymous Coward · · Score: 1

    Equifax' customers are folks led money and others who use credit history - banks, credit card companies, insurance companies, employers, FBI, land lords, etc ....

    They don't give a shit about this data breach. It's not their problem. There is also the other two big credit bureaus also.

    We little people are just the product. And we have no choice. Businesses are the ones who report the information and we have no opt-out abilities.

    And if someone uses the information that was taken and fucks us up, we are the ones who have to deal with it, pay the costs and clean it up. Trying to get erroneous information cleaned up with these credit bureaus is a nightmare.

    That's the trouble with corporate Big Brother, we are at an extreme disadvantage and have very little recourse. This is a prime case where more government regulation is needed because business will not take responsibility for their own actions.

    We need European types of privacy laws and regulations.

    And I froze my credit over tens years ago, and never missed it.

  9. Bet that the code that works with the apps was by rtfa0987 · · Score: 4, Interesting

    Those apps were very powerful. Wanna bet that the code that works with the apps was the source of the breach? Equifax Places utilizes your GPS location to show you: * Equifax Credit Score : Average credit scores in your area * Fraud Index: The frequency of identity fraud in your area * Credit Rankings: How your credit measures up to others in your area Want more? With an eligible Equifax product, you can also: * Lock and unlock your Equifax credit file* * View alerts to key credit file changes * Check your Credit Score — anywhere, anytime * Get one stop protection if you ever lose your wallet http://www.equifax.com/mobile/

    1. Re:Bet that the code that works with the apps was by rtfa0987 · · Score: 1

      It appears that the Equifax Mobile app was launched in various countries starting in March 2017... https://www.youtube.com/watch?... Mar 27 http://www.iphoneincanada.ca/n... June 2 http://www.cardtrak.com/data/9... June 13 https://blog.intelliquote.com/... Jul 11

    2. Re:Bet that the code that works with the apps was by mccalli · · Score: 2

      Just out of interest - who is desperate to learn this stuff on the go? "How your credit score measures up to others in your area" - why on earth would I need to ever know?

  10. Re:Quick! A fat bonus for the CEO! by PPH · · Score: 1

    Of course. He's to big for his breeches.

    --
    Have gnu, will travel.
  11. Another possible hole - "Equifax Ignite" by rtfa0987 · · Score: 2

    In March 2017, Equifax announced "Equifax Ignite" "Equifax Ignite Marketplace - Solutions are delivered in the form of downloadable apps that can be leveraged for visualizing and digesting applicable data, benchmarks, and trends across multiple industries." "Equifax Ignite Direct - This high-speed solution allows users to conduct their own analytics using direct access to our data warehouse, our attributes, and analytical tools. Seamless integration enables teams to self-serve as they build, test and deploy models that suit their unique needs. This will appeal to clients who have sophisticated analytics shops in house where access to data and Equifax tools can significantly enhance their own capabilities." https://finance.yahoo.com/news...

  12. Re:Opensecrets.org Equifax link by Anonymous Coward · · Score: 1

    Equifax ha$ every bit the $ame Con$titutional right to "petition the government for grievance$" a$ you do

    In its majestic equality, the Constitution permits rich and poor alike to spend millions of dollars to petition the government for grievances.

  13. Copy of old Android mobile app by xxxJonBoyxxx · · Score: 1

    I just downloaded a late 2016 copy of the Equifax Android app from here:
    http://www.apkmonk.com/app/com.equifax/

    Going to go see what's in there now.

    1. Re:Copy of old Android mobile app by xxxJonBoyxxx · · Score: 1

      Yeah, there might be some clues in there. From a quick decompile:

      UtilitiesHandler.java
              static final String masterKey = "EqUiFaX2468";

      network/WebServiceConnection.java
              public static class HttpWebServiceCredentials {
                      public static final String API_KEY = "cbaADwLofedTCHMKihgtSyIPlkjqPMosonm";
                      public static final String API_PASSWORD = "cabdnF3Bfedv4ve4ihggXTJ0lkjey0r0omn";
                      static final String PARTNER_CODE = "WEB";
                      static final String URL_statefull = "http://sdlc37.atl.ec.equifax.com/mws/web/services/v4_2/PsolMemberStatefullPort";
                      static final String URL_stateless = "http://sdlc37.atl.ec.equifax.com/mws/web/services/v4_2/PsolMemberStatelessPort";
                      static final String VERSION = "4.2";
              }

              public static class HttpsWebServiceCredentials {
                      public static final String API_KEY = "cbaLacfrfedTKXgqihg4kzSklkjlJ3IBonm";
                      public static final String API_PASSWORD = "cbagnNz0fedMIJOSihgXkoe4lkj-LRouonm";
                      private static final String PARTNER_CODE = "WEB";
                      static final String URL_MERCHANT_statefull = "http://apst2lc9a001.app.c9.equifax.com:5106/mws/web/services/v4_2/PsolMemberStatefullPort";
                      static final String URL_MERCHANT_stateless = "http://apst2lc9a001.app.c9.equifax.com:5106/mws/web/services/v4_2/PsolMemberStatelessPort";
                      static final String URL_PRODUCTION_statefull = "https://www.econsumer.equifax.com/mws/web/services/v4_2/PsolMemberStatefullPort";
                      static final String URL_PRODUCTION_stateless = "https://www.econsumer.equifax.com/mws/web/services/v4_2/PsolMemberStatelessPort";
                      private static final String VERSION = "4.2";
              }

      Lots of inline calls like:

              public String createConsumerLoginRequest(String userName, String password) {
                      return "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns=\"http://xml.equifax.com/services/psol/member/" + this.version + "\"><soapenv:Header />" + "<soapenv:Body><ns:login-consumer-request><version>" + this.version + "</version><web-service-credentials><partner-code>" + this.parterCode + "</partner-code><api-key>" + this.apiKey + "</api-key><web-service-access-token /><password>" + this.apiPassword + "</password><new-password /></web-service-credentials>" + "<member-credentials><user-name>" + userName + "</user-name><password>" + password + "</password><consumer-id /><consumer-access-token /><partner-code>" + this.parterCode + "</partner-code></member-credentials>" + "</ns:login-consumer-request></soapenv:Body></soapenv:Envelope>";
              }