Equifax can't seem to get anything right. After exposing the personal information of potentially 143 million Americans to hackers,Deborah Driggs Archives the credit reporting agency is under fire yet again for the way it attempted to secure the credit reports of those affected. It turns out that process, too, was vulnerable to cybercriminals.
Now, the company is scrambling to fix what can only be called a bungled response to the data breach. For some victims, it might even be too late.
SEE ALSO: Twitter is *not having* Equifax's response to that massive hackThe problem lies in how Equifax went about implementing credit freezes — something consumers worried about identity theft and fraud should implement. Essentially, if you request a credit freeze, Equifax will no longer send out credit reports to those who request it. That means if someone tries to open up a credit card in your name, the issuing bank won't be able to get a hold of your credit report. As such, they will deny the fraudulent application.
But what happens if and when you decide that you need a new credit card? Well, then, you simply put in an unfreeze request and validate that it's actually you (and not the aforementioned criminal) with a PIN provided by Equifax. Except, here's the thing: The PIN wasn't randomly generated. Instead, it was a timestamp based upon when you asked for the credit freeze.
And you guessed it: those PINs are vulnerable to being brute-forced by hackers.
This Tweet is currently unavailable. It might be loading or has been removed.
In other words, if someone had your social security number and tried to do something shady — only to find your credit was frozen — they could unfreeze it by guessing your PIN. Not too hot, right?
This Tweet is currently unavailable. It might be loading or has been removed.
The company is taking a lot of criticism for this online, and a spokesperson told Ars Technicathat it would change the process by which PINs are generated.
"While we have confidence in the current system, we understand and appreciate that consumers have questions about how PINs are currently generated," explained the spokesperson. "We are engaged in a process that will provide consumers a randomly generated PIN. We expect this change to be effective within 24 hours."
But what if you already received one of the shady PINs? Well then, you can request that Equifax change your existing one. Which, considering how badly the company has handled pretty much every aspect of this breach, is sure to go over flawlessly.
Topics Cybersecurity
Best keyboard deals: Save on Asus gaming keyboards at Amazon
Don't put words in J.K. Rowling's mouth or she will Tweet you into oblivion
The ACLU is fighting Facebook over a strong law on facial recognition
'Life
Parental Controls: How to Lock Down Your Kids' iOS Devices
Office shoes will make your nine
This smiley dog taking a bath will brighten anyone's day
Apple's new app review guidelines allows gifting for in
The Amazon Book Sale is coming April 23 through 28
Dude makes new friend after dialing wrong number on FaceTime
The Anatomy of Liberal Melancholy
Thank you, podcast gods, for the 15
Apple's new app review guidelines allows gifting for in
How a handful of conspiracists pushed faux Clinton health concerns into the mainstream
Mary Shows Up
13 activists who gave us hope in 2018
Facebook gave companies deeper access to user data than it let on: report
Slack is banning some users who have visited Iran and other countries
Things Intel Needs to Fix
Facebook is reportedly working on its own cryptocurrency
Elon Musk says Tesla Semi trucks are BAMFsNigeria's women's bobsled team qualified for the Winter OlympicsRussell Simmons accused of sexually assaulting a 17Please enjoy Pharrell's very cringeworthy song to celebrate China's biggest shopping dayEverything you need to know about the OnePlus 5TFacebook's 'Trust Indicators' is another small, small step in its fake news battle5 questions we still have about the Tesla SemiSelfie tourism is killing these incredibly cute creaturesSecurity researchers found some glaring Amazon Key vulnerabilitiesPhiladelphia grandfather buried with two of his beloved cheesesteaksElon Musk shocks with new Tesla RoadsterLondon theatre receives 20 claims of inappropriate behaviour by Kevin SpaceyJunior league goalie scores on an empty net and his team goes wildWant to make music on Spotify? A new acquisition could make it possible.Complimentary tote bags are killing us slowly, quietly, one by oneThe 8 best poop stories of 2017Ivanka Trump's website has some very weird ideas for your ThanksgivingRussell Simmons accused of sexually assaulting a 17Facebook's 'Trust Indicators' is another small, small step in its fake news battleAustralia launches project to plant the world's largest urban vineyard Recapping Dante: Canto 12, or A Concerned Parent Contacts the FCC by Alexander Aciman First Position by Yona Zeldis McDonough Troy to Ithaca by Sadie Stein Harry Potter Looks Different, and Other News by Sadie Stein Lysley Tenorio’s Window on the World Jane Austen Sells, and Other News by Sadie Stein Updike on Free Parking by Sadie Stein Apollinaire on Trial, and Other News by Sadie Stein Golden by Sadie Stein Animating the Diary, and Other News by Sadie Stein Franzen on Kraus: Footnote 18 by Jonathan Franzen Playing DFW, and Other News by Sadie Stein Amazing Headline Alert by Sadie Stein The Morning Roundup for January 16, 2014 Congratulations to Jonathan Franzen for his National Book Critics Circle award nomination Comedies Are Too Depressing, and Other News by Dan Piepenbring Anthony Cudahy Lost in Translation: Notes on Adapting Ballard Charmed, I’m Sure by Sadie Stein Many Happy Returns, Penelope Fitzgerald by Sadie Stein
2.4098s , 8224.8359375 kb
Copyright © 2025 Powered by 【Deborah Driggs Archives】,Defense Information Network