Equifax breached ... 140 million accounts. The worse breach in history.


#262

Johnny Oliver come-lately over here!


#263

Yeah, I struggled to figure that shit out too. I came to the same conclusion as Stusser. They do not make it easy to freeze. They try to talk freezing down and talk up their product (locking). All very dodgy, if you ask me.


#264

I was reading their locking thing and it says it prevents people from pulling my credit and applying for credit in my name. It also says its incompatible with freezing.


#265

Gosh, you mean they were deceptive in their marketing materials? I for one am shocked and appalled.


#266

#267

The UK’s financial regulator, on the ball as ever, has finally announced it’s investigating the Equifax breach.


#268

Check this out.

So it wasn’t even like you had to hack them to get all the data.
You could literally, from a public facing website that required no login, access the data of EVERY SINGLE PERSON.

At some point, this needs to cross into criminal negligence, right?

Late last year, a security researcher started looking into some of the servers and websites that Equifax had on the internet. In just a few hours, after scanning the company’s public-facing infrastructure, the researcher couldn’t believe what they had found. One particular website allowed them to access the personal data of every American, including social security numbers, full names, birthdates, and city and state of residence, the researcher told Motherboard.

The site looked like a portal made only for employees, but was completely exposed to anyone on the internet. It displayed several search fields, and anyone—with no authentication whatsoever—could force the site to display the personal data of Equifax’s customers, according to the researcher. Motherboard saw multiple sets of the data they were able to access.

“I didn’t have to do anything fancy,” the researcher told Motherboard, explaining that the site was vulnerable to a basic “forced browsing” bug. The researcher requested anonymity out of professional concerns.

“All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app,” they said. In total, the researcher downloaded the data of hundreds of thousands of Americans in order to show Equifax the vulnerabilities within its systems. They said they could have downloaded the data of all of Equifax’s customers in 10 minutes: “I’ve seen a lot of bad things, but not this bad.”


#269

Oh, man! Equifax is really in trouble now!


#270

I checked when the breach was first announced, and Equifax’s search app said it didn’t look like I was one of the 143 million. Well, today I got a letter from them saying they found 2.5 million more on October 2, and it looks like I’m one of them. Good grief.


#271

It’s literally everyone.
All of their data was on the web, unprotected.


#272

Probably connected to this: while I had my credit frozen already, it looks like my Amazon Rewards Visa account number was used to make a piddly $1.45 charge two days before Halloween, per my statement. It has some domain name attached to it that doesn’t resolve, and on top of that, a phone number out of New York that comes up as the after hours/emergency number to call for some property management company. I have zero memory of using my card that day for any purpose, so the card’s been compromised, and now I have to wait for new cards and do the whole song and dance to give the companies I use it with for recurring billing the new number, grrr.


#273

Not connected to this, Equifax didn’t have credit card numbers.


#274

So only the banks involved have the actual numbers?


#275

Well, and all the criminals that stole them, of course. Everybody’s credit card has been stolen multiple times. Ever use your card at Chipotle, Hilton, Home Depot, IHG, etc?


#276

Of all those places, maybe at Home De(s)pot* 10 years ago or something.

*speaking of which, whatever you do, don’t ever have Home Depot have a storm door built for you in a custom size. That was a freaking ordeal. It took forever, and when the guy came to install it the first time, they’d built the damn thing with the wrong dimensions, gaaa. Then it took forever to get a proper receipt for warranty purposes.


#277

What about Target, Wendy’s, Trump Hotels, Goodwill… long story short, your credit card was stolen, no matter who you are. If you haven’t been hit yet, that’s just because they stole everybody’s card and your name wasn’t picked out of the hat.


#278

1.45 sounds like maybe a vending machine. I know mine at work shows something odd on cc statements


#279

Thing is, IIRC I spent that whole day (a Sunday) in my pajamas and bathrobe playing AC Revelations. In my defense I had had an impacted wisdom tooth extracted on Thursday (it had rested under the gum without giving me a problem for over 20 years since I’d had the other three taken out, but started bugging me in January or so).


#280

The hardest kind of fraud to spot would be the most purchased place on your monthly billing statement. So say you lived 5 minutes from a Walmart and had 15 times you visited in a month, it would be hard to spot the outlier offhand.

The easiest ones to spot are the outliers.


#281

Criminals will often charge a small amount to test if the card works before reselling it.