
    Equifax Hackers Enjoyed Leisurely Tour Inside Your Credit History

    Written by

    Wayne Rash
    Published September 22, 2017

      When Equifax announced Sept. 7 that about 143 million consumer credit records had been breached by hackers, it was telling only part of the story. What Equifax didn’t say at the time was that the hackers could leisurely explore the records for nearly five months.

      The company also didn’t publicly admit at the time that these hackers had apparently breached the company network a few months previously.

      There was a lot that Equifax didn’t disclose, including the fact that it had delayed making official notification of the breach by six weeks and that the company had never revealed the earlier breaches at the time they occurred.

      Equifax had reportedly been breached at least three other times previously. So far the company has offered no explanation for the delays or for the lack of notice regarding earlier breaches.

      One possible reason that the company didn’t mention the earlier breaches is that its highly inept security team didn’t know the company had been breached. Or it may be that Equifax security executives simply didn’t know they were legally required to report such breaches of private information.

      When the hackers broke into Equifax, they apparently found no real security. In one instance, the password to get in was “admin,” which worked well with the user name, which was also “admin.”

      In another instance, according to security researcher Brian Krebs, authentication was based on a user logging in with their email address, and on that system all email addresses were composed of the first initial and last name of the user.

      By now you probably know that the executives in charge of security at Equifax have been fired, which almost doesn’t matter, because it’s hard to imagine that things could get any worse than they already were. Who knows, they might have done less damage than the executives who tried to manage the response by, among other things, sending customers seeking help to a fake website.

      In fact, the website where Equifax customer support employees were sending customers to check whether they had been breached was made to look like the official site, but was in fact a fake phishing site. By now you’re probably wondering what a fake phishing site is, and I’ll get to that in a moment.

      But first, what happened is that Equifax created a new site with a domain outside of the normal Equifax site called www.equifaxsecurity2017.com. The fact that it was outside of Equifax meant that it was easier for hackers to set up bogus sites that take advantage of typos and misunderstandings. One such site was www.securityequifax2017.com.

      As it happens, securityequifax2017 is the site that was being given out by Equifax support staff. That’s a fake site.

      If there’s any good news in all of this, it’s that the fake site was created by software engineer Nick Sweeting in an effort to educate consumers and others about phishing sites rather than to steal information. Sweeting’s site has since been blocked as a phishing site, but if you manage to reach past the block, you’ll see that it’s been taken down. Apparently, he’s made his point.
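
      The swap of "equifax" and "security" described above is a lookalike that a plain edit-distance check misses, because the two names are many character edits apart. As an added example (not code from the article, Equifax or Sweeting), this Python check classifies a hostname against an allowlist built from the two Equifax domains; the allowlist, the word vocabulary, the two-edit threshold and the misspelled sample hostname are assumptions constructed here.

```python
import re

# Allowlist built from the two domains the article names (an assumption,
# not Equifax's own list).
OFFICIAL = {"equifax.com", "equifaxsecurity2017.com"}
WORDS = re.compile(r"equifax|security|\d+|[a-z]+")  # hypothetical brand vocabulary

def registrable(host):
    """Naive registrable domain: last two labels (no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def label(domain):
    return domain.split(".")[0]

def words(name):
    """Order-insensitive word list: 'securityequifax' equals 'equifaxsecurity'."""
    return sorted(WORDS.findall(name))

def levenshtein(a, b):
    """Classic dynamic-programming edit distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'same-words', 'near-typo' or 'unrelated'."""
    dom = registrable(host)
    if dom in OFFICIAL:
        return "official"
    name = label(dom)
    official_names = [label(d) for d in OFFICIAL]
    if any(words(name) == words(o) for o in official_names):
        return "same-words"   # reordered or hyphenated words, or a different TLD
    if any(levenshtein(name, o) <= 2 for o in official_names):
        return "near-typo"    # a character or two away from an official name
    return "unrelated"

if __name__ == "__main__":
    # The first two hostnames come from the article; the last two are constructed.
    for h in ["www.equifaxsecurity2017.com", "www.securityequifax2017.com",
              "equifaxsecurty2017.com", "example.org"]:
        print(h, "->", classify(h))
```

      A help-desk script or link-checking tool could refuse to hand out any hostname that does not classify as "official".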

      Meanwhile, Equifax has been thrashing about, trying to find some way to manage its response. One of those ways has been to offer free credit monitoring for those foolish enough to trust Equifax. Another has been to stop charging for credit security freezes.

      But those free security freezes are only good for 30 days. After that, if you want to place a freeze on your credit with Equifax, it’ll cost you ten dollars. But then, Equifax tried to charge the same ten dollars for a credit freeze right after the breach was revealed. Comedian Stephen Colbert explained how this works in his show on Sept. 21. “They made you pay them to protect you from them,” he said. “That’s not a credit rating agency. That’s the Mafia!”

      Except, of course, the Mafia has far better security than Equifax has ever had.

      Meanwhile, the ripples from the Equifax catastrophe continue to spread. People everywhere will need to place a credit freeze on their account with each of the credit bureaus. Even if you checked with the Equifax site and found that your credit wasn’t compromised, you still need to put a freeze on the account, because otherwise you’re depending on Equifax to know what they’re doing.

      Credit for consumers will start to dry up. Companies that send out those credit offers by mail or email won’t be able to see a credit report, so maybe they’ll stop sending out those offers. That might be a good thing. But it will also complicate ad hoc credit transactions, such as when you decide on the spur of the moment to buy that 85-inch 4K television, because it won’t happen without planning and releasing the security freeze.

      Likewise, you may find hiring delayed because access to applicants’ credit records has been frozen. Your employees may find it hard to get housing because they can’t rent an apartment with frozen credit, and you may find other parts of your business impacted, depending on how your company depends on the credit market.

      Equifax, for its part, has lost the public’s confidence. While it’s unlikely that anyone at Equifax will suffer any consequences beyond job loss, it’s going to be facing a level of suspicion as consumers become more reluctant to trust the company with anything of importance.

      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.
