Equifax breach exposes 143 million people to identity theft

Started by steve58, September 07, 2017, 11:23:20 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

steve58

Quote
Credit monitoring company Equifax has been hit by a high-tech heist that exposed the Social Security numbers and other sensitive information about 143 million Americans. Now the unwitting victims have to worry about the threat of having their identities stolen.

The Atlanta-based company, one of three major U.S. credit bureaus, said Thursday that "criminals" exploited a U.S. website application to access files between mid-May and July of this year.

The theft obtained consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers. The purloined data can be enough for crooks to hijack the identities of people whose credentials were stolen through no fault of their own, potentially wreaking havoc on their lives.

"On a scale of one to 10, this is a 10 in terms of potential identity theft," said Gartner security analyst Avivah Litan. "Credit bureaus keep so much data about us that affects almost everything we do."

http://www.foxbusiness.com/features/2017/09/07/equifax-143m-us-consumers-affected-by-criminal-cybersecurity-breach.html
Government is not the solution to our problem—government is the problem.   Ronald Reagan
The democracy will cease to exist when you take away from those who are willing to work and give to those who would not.   Thomas Jefferson
During times of universal deceit, telling the truth becomes a revolutionary act.   George Orwell  The truth is quiet...It's the lies that are loud.   Jesus Revolution
If you ever find yourself in need of a safe space then you're probably going to have to stop calling yourself a social justice warrior. You cannot be a warrior and a pansy at the same time   Mike Adams (RIP Mike)

bayonetbrant

I like how the execs knew about it in July, but waited to announce it until after they dumped their stocks in the company
The key to surviving this site is to not say something which ends up as someone's tag line - Steelgrave

"their citizens (all of them counted as such) glorified their mythology of 'rights'...and lost track of their duties. No nation, so constituted, can endure." Robert Heinlein, Starship Troopers

bayonetbrant

The key to surviving this site is to not say something which ends up as someone's tag line - Steelgrave

"their citizens (all of them counted as such) glorified their mythology of 'rights'...and lost track of their duties. No nation, so constituted, can endure." Robert Heinlein, Starship Troopers

Boggit

What a bunch of bastards. I hope that they get pursued by the US regulator for insider trading breaches. >:(
The most shocking fact about war is that its victims and its instruments are individual human beings, and that these individual beings are condemned by the monstrous conventions of politics to murder or be murdered in quarrels not their own. Aldous Huxley

Foul Temptress! (Mirth replying to Gus) ;)

On a good day, our legislature has the prestige of a drunk urinating on a wall at 4am and getting most of it on his shoe. On a good day  ::) Steelgrave

It's kind of silly to investigate whether or not a Clinton is lying. That's sort of like investigating why the sky is blue. Banzai_Cat

mirth

"45 minutes of pooping Tribbles being juggled by a drunken Horta would be better than Season 1 of TNG." - SirAndrewD

"you don't look at the mantelpiece when you're poking the fire" - Bawb

"Can't 'un' until you 'pre', son." - Gus

mirth

"45 minutes of pooping Tribbles being juggled by a drunken Horta would be better than Season 1 of TNG." - SirAndrewD

"you don't look at the mantelpiece when you're poking the fire" - Bawb

"Can't 'un' until you 'pre', son." - Gus

bayonetbrant

https://other98.com/equifax-is-shady-af/

QuoteAnd if you do enroll in their free trial, it's on you to remember that you signed up for the service. Because in a year you can bet your bottom dollar that Equifax is going to bill you. The free year of Trusted ID isn't some magnanimous enterprise; it isn't even a consolatory gesture. What it is is a shameless way to get more people to pay Equifax for their services in the wake of a disaster Equifax created.

Next, the site has some really weird behavior that has made a lot of people wonder if it even does the one job it's supposed to do in the first place.

Here's what I mean: in order to check if your personal data was compromised, the site asks for two pieces of data: your last name and the last six digits of your Social Security number. So, I went ahead and entered some made up information (Last name: Smith, SSN: 123456), and the site returned a positive result.

That's right, it told me that the fake personal information I entered had been compromised in the breach.
The key to surviving this site is to not say something which ends up as someone's tag line - Steelgrave

"their citizens (all of them counted as such) glorified their mythology of 'rights'...and lost track of their duties. No nation, so constituted, can endure." Robert Heinlein, Starship Troopers

mirth

The "check" doesn't do anything other than recommend you sign up for their credit monitoring service. You can enter completely bogus info (even non-numeric characters for the last 6 of the SSN) and the site behavior is exactly the same as if you entered your correct info. Once you sign up for the credit monitoring service the TOS agreement forces you to waive your rights to litigation against Equifax for their data breach.

So the site they set up for customers to see if they were affected is a total fraud.
"45 minutes of pooping Tribbles being juggled by a drunken Horta would be better than Season 1 of TNG." - SirAndrewD

"you don't look at the mantelpiece when you're poking the fire" - Bawb

"Can't 'un' until you 'pre', son." - Gus

mirth

QuoteWhat's more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.

https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/

The negligence on Equifax's part is astounding.
"45 minutes of pooping Tribbles being juggled by a drunken Horta would be better than Season 1 of TNG." - SirAndrewD

"you don't look at the mantelpiece when you're poking the fire" - Bawb

"Can't 'un' until you 'pre', son." - Gus

mirth

"45 minutes of pooping Tribbles being juggled by a drunken Horta would be better than Season 1 of TNG." - SirAndrewD

"you don't look at the mantelpiece when you're poking the fire" - Bawb

"Can't 'un' until you 'pre', son." - Gus

bayonetbrant

https://medium.com/@frankiegbaby/apology-from-equifax-ceo-tom-equifax-393beb5c8dfe

QuoteGood morning, America. I'm Tom Equifax, founder & CEO of Equifax. As you've probably read, a hacker recently gained access to a couple of files, which contained extensive personal & financial information for 143 million Americans. It even had some Social Security and credit card numbers in it, which is going to mean big trouble for a whole lot of people. And I'm sorry that any of you think I give a shit.
I mean, look. I even put this apology behind a paywall. That's how much I don't care. Really, my misanthropy should be obvious. If I cared about people, would I get rich running a company that reduces people to a number? A number based partly on whether you owe corporations enough money? We literally decide if you're worth anything to society, and it has nothing to do with what you do, or think. Saving a baby from a fire doesn't help your credit score at all. Credit score companies are evil, and I love running mine. So why would I care if we lost enough data to ruin 143 million lives? I work on ruining all your lives, every day. This is a freebie. This is boner material. Just imagine how many fraudulent lines of credit are gonna come out of this! I'm gonna get to drop so many of your scores, based on things you didn't even do. And it's gonna be awesome.
Some of you have probably realized by now that Equifax was founded 118 years ago, and you're wondering how I, founder Tom Equifax, am still alive. It's because I use dark magicks to convert the sorrows of the poor into vital essence. And so long as Equifax remains in operation, there will be more than enough poor-sorrow to keep me alive, underground, in a bunker, where I will sleep through the coming nuclear apocalypse, and re-emerge to rebuild society as its new God.
Why did I decide to use poor-sorrow, instead of rich-sorrow? Because fuck poor people. You heard me. Don't act surprised! I obviously hate poor people. All credit scoring companies do. Credit scores only really hurt poor people & middle poor people (that's what I call the "middle class"), and that's on purpose. If you're rich, the score doesn't really matter, because you have enough collateral for anything, or you can just make a bigger down payment! Donald Trump has a horrendous credit score, and it doesn't matter. Never did, never will. A billionaire with terrible credit gets to be President & tear this planet down, and your unemployed ass can't even get a used car. Credit scores are really something, aren't they folks?
You know, if I had things my way, you wouldn't be able to know your life-number without paying us. You only get that one free report a year because the stupid government makes us. In a better world, in the world I will build once this one burns in atomic hellfire, the mutant survivors will just never be able to rent an apartment or get a loan, and they'll never know why. They'll walk around with an ever-present sense of doom & dread, wondering if today's the day their hidden society-rating drops too far for them to keep on living. That's the Equifax dream.
So, 143 million people now have to worry about their lives being stolen out from under them. Because we're allowed to know everything about you, but we can't be bothered to be responsible, because we hate you. I can already feel the poor-essence flowing.
Get bent suckers,
FUTURE-GOD TOM EQUIFAX
The key to surviving this site is to not say something which ends up as someone's tag line - Steelgrave

"their citizens (all of them counted as such) glorified their mythology of 'rights'...and lost track of their duties. No nation, so constituted, can endure." Robert Heinlein, Starship Troopers

mirth

"45 minutes of pooping Tribbles being juggled by a drunken Horta would be better than Season 1 of TNG." - SirAndrewD

"you don't look at the mantelpiece when you're poking the fire" - Bawb

"Can't 'un' until you 'pre', son." - Gus

OJsDad

They actually used 'admin' as a password for one database.  What maroons!   :DD
'Here at NASA we all pee the same color.'  Al Harrison from the movie Hidden Figures.

joram

Quote from: OJsDad on September 15, 2017, 04:53:17 PM
They actually used 'admin' as a password for one database.  What maroons!   :DD

Thanks for reminding me to change my passw0rd! 😉

OJsDad

The first hacks occurred back in March.

A number of federal agencies are opening investigations, including the selling of shares before the announcement. 
'Here at NASA we all pee the same color.'  Al Harrison from the movie Hidden Figures.