Equifax customer service has been directing victims to a fake phishing site

[c0nvct]

broke into Equifax's serversequifaxsecurity2017.com. It was an easy mistake to make, but the result sent the user to a site with no connection to Equifax itself. Equifax deleted the tweet shortly after this article was published, but it remained live for nearly 24 hours.

Original Article here:
https://www.theverge.com/2017/9/20/16339612/equifax-tweet-wrong-website-phishing-identity-monitoring

 

[Genesis]

I just checked as I didn't know who Equifax was - but WOW - this is brutal and probably any organization and the people subscribing's worst nightmare! :mega_shock:

Guess the bottom line is to try and keep out of the radar eye as much as one can. But Banks are ironically making it more and more difficult to stay private. They want to verify all of one's most detailed up to date info all of the time. Nice easy prey for mischief makers.

Equifax Inc. is a consumer credit reporting agency. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide.

 

[Yozora]

Wow, That's awful news c0nvct! It feels like no company with a website is safe nowadays...

 

[rrroberts]

Wow, That's awful news c0nvct! It feels like no company with a website is safe nowadays...

Equifax did it to themselves out of shear incompetence (have been following this). Their computer security head has a Music degree w/ very little computer experience (she has since resigned). A few years ago Equifax outsourced their IT to InfoSys (

), which has a notorious record (Equifax replaced their in-house staff w/ inexpensive visa workers, a growing problem in the U.S.; at 1 time visa workers served a valid need but the program has been severely abused).

Just prior to the announcement of the May hack, several Equifax executives sold their stock.

The hackers didn't just access the DB, they were actually able to run Equifax s/w which access the DB. There was a report that 1 of Equifax's servers had the default admin/admin login/password.

Please note: I am not a raving anti-immigrant. However, U.S. corporations are abusing immigrant labor, non-immigrant guest labor, and American labor simply to drive down wages, reduce costs, and increase profits.

 

[c0nvct]

Sadly Equifax is a huge credit reference and scoring company, their data is sensitive. To hear that a company with this kind of data is run this way is shocking. We're always playing cat and mouse with the black hats for sysAdmins to be this incompetent is beyond belief! I've educated so many people about passwords for personal stuff.

I'll put up a tutorial I've written on how to add and use SSH keys on a VPS to the GR blog very soon.

 

[rrroberts]

I'll put up a tutorial I've written on how to add and use SSH keys on a VPS to the GR blog very soon.

Excellent idea on the tutorial, I'll be looking forward to it, thank you, could use the learning (former HP3000 MRP/EDI programmer, "only" dabble in home LANs, HTML, etc).

Will Gigarocket News & Announcements when done?

I tend to view security as multi-layers to slow unauthorized access, there isn't such a thing as absolute security unless you disconnect. Every layer you can throw in buys time.

 

[Genesis]

Sadly Equifax is a huge credit reference and scoring company, their data is sensitive. To hear that a company with this kind of data is run this way is shocking.

Problem is that the assistants and call agents who are in their employ sometimes act without any awareness of how sensitive the information is that they are extracting from clients. They do it daily and so often that they have become completely desensitized to the point of just not caring as much. They also act very authoritative to the point that they may refuse assistance if the most secure information isn't given to them on the phone.

I have it in South Africa presently that for me to ask for support for my Internet I have to give my ID number on phone. Key to my account is my ID number. It is everyone's prime number. You can't imagine the cross linking there is happening with other large service providers. I'm convinced that if one goes rotten and people get hold of the Internet service provider personal information that it would also reverberate through all of the other providers. The mischief makers would have access of all other accounts with the number.

I remember in Canada - and I hope it is still the case - the giving of one's social security number was something one could refuse except of course for the Government. Linking the social security number with other accounts one could refuse. I sincerely hope it is still the case.

 

[Johnluke]

This is extremely horrible and makes me think of the well being of the world. If soo much information was stole from something as serious as this, it will be a potentially economy wreaking event. This just kind of scary to think about if you've ever had anything whatsoever to do with it. The best course of action here would be to catch who ever did it, before they start spreading it online to other people. That's the only way we can put this aside of us.