Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
Malicious hackers won access to its systems by exploiting a "website application vulnerability", it said but provided no further details.
The hackers accessed credit card numbers for about 209,000 consumers, among other information. Security Breach at Equifax May Affect 143 Million [bbc.co.uk]
I am not sure I would want to enter my information there or not: (http://www.equifaxsecurity2017.com/)
The site is vulnerable to a cross-site scripting (XSS) attack, which lets an attacker run malicious code on a legitimate website or web application, such as Equifax's site. Equifax's credit report monitoring site is also vulnerable to hacking [zdnet.com]
Oh goodie! let me sign right up!Well that's just it, you don't sign up.
“It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said, calling Equifax’s treatment of consumers afterward “disgusting” and its inability to protect data “deeply troubling.” FTC probes Equifax; top Democrat likens it to Enron [reuters.com]
Sequential numbers assigned to members of the same family are causing problems;
More than one person is assigned or using the same number;
A victim of identity theft continues to be disadvantaged by using the original number;
There is a situation of harassment, abuse or life endangerment; or
An individual has religious or cultural objections to certain numbers or digits in the original number. (We require written documentation in support of the objection from a religious group with which the number holder has an established relationship.)
The chief information officer and chief security officer have both stood down.[bbc.co.uk...]
In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.
whois -h whois.godaddy.com trustedpremierid.com
Domain Name: trustedpremierid.com
Registrar URL: http://www.godaddy.com
Registrant Name: mike davis
Registrant Organization: ioactive
The vulnerability that attackers exploited to access Equifax's system was in the Apache Struts web-application software, a widely used enterprise platform. The Apache Software Foundation said in a statement on Saturday (when rumors swirled that the March Struts bug might be to blame) that, though it was sorry if attackers exploited a bug in its software to breach Equifax, it always recommends that users regularly patch and update their Apache Struts platforms. "Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years," René Gielen, the vice president of Apache Struts, wrote.
the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities.
[edited by: phranque at 12:23 pm (utc) on Sep 19, 2017]