Welcome to WebmasterWorld Guest from 54.91.16.95

Forum Moderators: open

Security Breach at Equifax May Affect 143 Million

     
10:16 am on Sep 8, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24932
votes: 644


It seems that around 143 million U.S., U.K., and Canadian records at Equifax were accessed between May and July this year. There could be Social Security numbers, birth dates and addresses stolen.

Malicious hackers won access to its systems by exploiting a "website application vulnerability", it said but provided no further details.

The hackers accessed credit card numbers for about 209,000 consumers, among other information. Security Breach at Equifax May Affect 143 Million [bbc.co.uk]
3:33 pm on Sept 8, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:3514
votes: 194


Equifax has created a website to help consumers find out whether their data was at risk. I am not sure I would want to enter my information there or not: (http://www.equifaxsecurity2017.com/)
4:07 pm on Sept 8, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24932
votes: 644


That occurred to me, too, and i'm sure i'd not want to give them any more data.
11:55 pm on Sept 8, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10393
votes: 597


Aren't they the ones that said I didn't pay my light bill from 1971? When I proved I didn't live at that address at that time, they replied "yeah, but you still didn't pay your light bill."

I've never trusted any of those so-call credit reporting agencies. They publish unverified information about you that could have significant repercussions with your credit rating, then it's up to you to prove the information is false.

On the upside, if my data was breached, it's probably false.
2:26 am on Sept 9, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10393
votes: 597


Ironic that Equifax, who sells identity theft protection products, would allow a vulnerability in their own software that caused the identities of 143 million people to be stolen.
3:05 am on Sept 9, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts:1918
votes: 57


I am not sure I would want to enter my information there or not: (http://www.equifaxsecurity2017.com/)

Seems like by entering your information on that site would eliminate your chances of being part of farther class-action law suit... it is all over the web now...

I am one of those CR-Geeks that has 800+ FICO Scores across the board.

Needless to say, just watch out...
9:49 am on Sept 9, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10393
votes: 597


Looks like Equifax earned a class action with this one: [msn.com...]
10:50 am on Sept 9, 2017 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Sept 12, 2014
posts:384
votes: 67


Only 143,000,000? They have everybobys records, did the hackers stop when they hit 143M or are we being lied to yet again? The website does not really say if you are a victim, but it does give you 1 free year of credit protect if you give them a credit card so they can bill you after the free trial period.

p.s. don't forget to shred your old paperwork to portect you identity /s
3:21 am on Sept 10, 2017 (gmt 0)

Full Member from US 

10+ Year Member

joined:Apr 11, 2006
posts:235
votes: 17


Looks like Equifax earned a class action with this one


It's a wonder they didn't get one after the first two times they were hacked.
5:57 am on Sept 11, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7957
votes: 572


Fortunately they had a team of lawyers put their initial TOS together, so no matter what happens, there are limitations pre-imposd.

Might be a heads up for those taking personal info to review their TOS to limit any future liabilities.
6:48 am on Sept 11, 2017 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts: 4423
votes: 9


i'm sure i'd not want to give them any more data.


Well, I entered their updated look up software, it looks like I could be among those exposed.
So what could be the difference since I am already in?
7:23 am on Sept 11, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:3514
votes: 194


I've seen reports that people typed in bogus data and were assured that they might be affected. If you have applied for a credit report there is a higher possibility that you could be in the exposed group. If you are concerned or if you just don't want to worry about it you can place a freeze on your credit reports by visiting each of the reporting agencies. I have read that it takes about 15 minutes to freeze your credit reports at each agency. If you decide to apply for credit after that you would need to go back and unfreeze the reports, so it is important to keep your records up to date.

Finding where to deal with it could take some time, I got this list from an article at the NYTimes:
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.experian.com/freeze/center.html
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.innovis.com/personal/securityFreeze
10:23 am on Sept 12, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24932
votes: 644


Reuters are reporting that there are at least 30 Class Action lawsuits filed in the United States against Equifax Inc.
[reuters.com...]

Also, ZDNet has discovered the Equifax site used to set up credit account monitoring is also vulnerable to hackers.
The site is vulnerable to a cross-site scripting (XSS) attack, which lets an attacker run malicious code on a legitimate website or web application, such as Equifax's site. Equifax's credit report monitoring site is also vulnerable to hacking [zdnet.com]
8:53 pm on Sept 12, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7957
votes: 572


Equifax has removed a clause from the Terms of Use section of the website set up to help victims of the company’s data breach that previously barred victims from suing Equifax if they used the company’s services.


[breitbart.com...]

Perhaps in answer to the looming threat of class action lawsuits.
9:48 pm on Sept 12, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ken_b is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 5, 2001
posts:5812
votes: 95


Equifax's credit report monitoring site is also vulnerable to hacking

Oh goodie! let me sign right up!
9:54 pm on Sept 12, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10393
votes: 597


Oh goodie! let me sign right up!
Well that's just it, you don't sign up.

They create accounts on you without your knowledge or permission. They list all your sensitive information, who you've ever owed money to, how often you paid your bills & to whom, whether you own a home, your credit card info.... you have no choice in this.

That needs to change IMO.
6:27 am on Sept 13, 2017 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts: 4423
votes: 9


That's why I said earlier it won't change anything (Signing in or not)
when I did it I have seen all my financial BG exposed. Note: Before this I never signed anything with them..
4:34 pm on Sept 14, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24932
votes: 644


This story is going to run and run.

Initial investigations indicate it was a failure to install an update to an Apache bug that was patched in March.
[arstechnica.com...]

The F.T.C. has said it's investigating the data breach.
“It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said, calling Equifax’s treatment of consumers afterward “disgusting” and its inability to protect data “deeply troubling.” FTC probes Equifax; top Democrat likens it to Enron [reuters.com]


The big problem is the sensitivity of the data, which, as keyplyr indicates, is held on you whether you want it or not. Now the FTC is involved i'm certain the regulations will change. Sadly, the horse has bolted.

I can liken this to a data breach elsewhere and I remember the CEO responding with flippant remarks, which to me were deeply insulting. This could easily happen again with this data breach, but it'll be far worse considering the type of data it holds holds.
6:56 pm on Sept 14, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10393
votes: 597


Several execs are said to have dumped stock just days prior to the public announcement of the breach.
10:36 am on Sept 15, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24932
votes: 644


Oh dear, that won't bode well for them if they did do that.
8:44 pm on Sept 15, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7957
votes: 572


They did. Claiming they didn't know about the breach a few days before they sold.
5:38 pm on Sept 16, 2017 (gmt 0)

Junior Member from US 

5+ Year Member

joined:Dec 23, 2008
posts:153
votes: 4


Only serves to highlight the need to change your passwords, address,
first and last names, and social security number every ninety days
7:00 pm on Sept 16, 2017 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts: 4423
votes: 9


Changing SS, are you serious? !

Sequential numbers assigned to members of the same family are causing problems;

More than one person is assigned or using the same number;

A victim of identity theft continues to be disadvantaged by using the original number;

There is a situation of harassment, abuse or life endangerment; or

An individual has religious or cultural objections to certain numbers or digits in the original number. (We require written documentation in support of the objection from a religious group with which the number holder has an established relationship.)
7:43 pm on Sept 16, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:10393
votes: 597


Only serves to highlight the need to change your passwords, address, first and last names, and social security number every ninety days
Ha ha
1:13 pm on Sept 18, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24932
votes: 644


Nice one Jonsey. hehehe

Some of the executives have now moved on.
The chief information officer and chief security officer have both stood down.
[bbc.co.uk...]

Yeah, this is one of those breaches that'll keep giving for years to come. Hackers will have a rich treasure trove of info to work on, and consumers may be some way down the line before they realise what's going on: Identity theft is the most likely result.
It's very serious.
4:14 pm on Sept 18, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Mar 7, 2003
posts: 1079
votes: 9


Always fun. Now what? Not sure my credit's any good anywho.
10:34 am on Sept 19, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24932
votes: 644


chewy , it's the identity theft which will become the problem in the future.

It seems Equifax had another breach in March, according to "people familiar with the matter."
[bloomberg.com...]
In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.
12:06 pm on Sept 19, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11134
votes: 115


interesting implementation of the site to "check potential impact", linked to from the equifaxsecurity2017.com site mentioned above:
https://trustedidpremier.com/eligibility/eligibility.html

the secure certificate for the site notes that "This website does not supply ownership information." which doesn't engender trust.

whois -h whois.godaddy.com trustedpremierid.com

Domain Name: trustedpremierid.com
Registrar URL: http://www.godaddy.com
Registrant Name: mike davis
Registrant Organization: ioactive
...


not equifax...

Mike Davis [linkedin.com] is Principal Research Scientist and Director of Embedded Systems Security for IOActive, "the only security consultancy with a global presence and deep expertise in hardware, software, and wetware assessments".

https://www.wired.com/story/equifax-breach-no-excuse/ [wired.com]
The vulnerability that attackers exploited to access Equifax's system was in the Apache Struts web-application software, a widely used enterprise platform. The Apache Software Foundation said in a statement on Saturday (when rumors swirled that the March Struts bug might be to blame) that, though it was sorry if attackers exploited a bug in its software to breach Equifax, it always recommends that users regularly patch and update their Apache Struts platforms. "Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years," René Gielen, the vice president of Apache Struts, wrote.

the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities.

[edited by: phranque at 12:23 pm (utc) on Sep 19, 2017]

12:22 pm on Sept 19, 2017 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11134
votes: 115


also revealed in the bloomberg article linked in engine's post above is that equifax cfo john gamble dumped ~$2M of equifax stock on may 23 in addition to the previously known ~$1M stock sale in early august.

it might not be insider trading...
8:29 pm on Sept 19, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Mar 7, 2003
posts: 1079
votes: 9


yes, the identity theft is indeed the issue - but how on earth do you TRULY protect that besides going totally off-grid and using coconuts for money, never flying, not owning nor driving a car, never getting near a camera or TV, never using the web, never using the darn Post Office or IRS? And lately I understand my refrigerator is spying on me. What next?

I suppose I could wear funny eyebrows and a disguise, but how do you know the guy you bought it from isn't snapping your pic?

If someone really wants to steal one's identity, I'm not sure there's much anyone can really do.

Besides, won't the bad guys pick on far more interesting, higher net worth people than one nearly-poor dude like me?
This 35 message thread spans 2 pages: 35
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members