Equifax Hackers Enjoyed Leisurely Tour Inside Your Credit History

When Equifax announced Sept. 7 that about 143 million consumer credit records had been breached by hackers, it was telling only part of the story. What Equifax didn’t say at the time was that the hackers could leisurely explore the records for nearly five months.

The company also didn’t publicly admit at the time that these hackers had apparently breached the company network a few months previously.

There was a lot that Equifax didn’t disclose, including the fact that it had delayed making official notification of the breach by six weeks and that the company had never revealed the earlier breaches at the time they occurred.

Equifax had reportedly been breached at least three other times previously. So far the company has offered no explanation for the delays or for the lack of notice regarding earlier breaches.

One possible reason that the company didn’t mention the earlier breaches is that its highly inept security team didn’t know the company had been breached. Or it may be that Equifax security executives simply didn’t know they were legally required to report such breaches of private information.

When the hackers broke into Equifax, they apparently found no real security. In one instance, the password to get in was “admin,” which worked well with the user name, which was also “admin.”

In another instance, according to security researcher Brian Krebs, authentication was based on a user logging in with their email address, and on that system all email addresses were composed of the first initial and last name of the user.

By now you probably know that the executives in charge of security at Equifax have been fired, which almost doesn’t matter, because it’s hard to imagine that things could get any worse than they already were. Who knows, they might have done less damage than the executives who tried to manage the response by, among other things, sending customers seeking help to a fake website.

In fact, the website to which Equifax customer support employees were sending customers to check if they were breached was made to look like the official site, but was in fact a fake phishing site. By now you’re probably wondering what a fake phishing site is, and I’ll get to that in a moment.

But first, what happened is that Equifax created a new site, www.equifaxsecurity2017.com, on a domain outside of the normal Equifax site. The fact that it was outside of Equifax meant that it was easier for hackers to set up bogus sites that take advantage of typos and misunderstandings. One such site was www.securityequifax2017.com.

As it happens, securityequifax2017 is the site that was being given out by Equifax support staff. That’s a fake site.
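
A support desk can catch this kind of mix-up by checking every hostname against an allowlist before giving it to a customer. The Python below is an added example, not code from the article or from Equifax; the allowlist (including equifax.com as the main domain), the two-label domain simplification, and the misspelled and nested sample hosts are assumptions constructed for illustration.

```python
# Added example: the allowlist and sample hosts are constructed for illustration.
OFFICIAL = ("equifax.com", "equifaxsecurity2017.com")  # equifax.com is assumed
BRAND = "equifax"

def registrable(host):
    """Last two labels of the host; a simplification that only fits names like x.com."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return (verdict, reason) for a hostname about to be given to customers."""
    domain = registrable(host)
    if domain in OFFICIAL:
        return ("official", domain)
    label = domain.split(".")[0]
    for good in OFFICIAL:
        good_label = good.split(".")[0]
        if edit_distance(label, good_label) <= 2:
            return ("lookalike", "within 2 edits of " + good)
        if sorted(label) == sorted(good_label):
            return ("lookalike", "same characters as " + good + ", reordered")
    if BRAND in host.lower():
        return ("lookalike", "brand name on a domain that is not listed")
    return ("unrelated", domain)

if __name__ == "__main__":
    for h in ("www.equifaxsecurity2017.com", "www.securityequifax2017.com",
              "equlfaxsecurity2017.com", "equifaxsecurity2017.com.example.net",
              "example.org"):
        print(h, "->", classify(h))
```

The reordered-characters test is what flags securityequifax2017.com, since swapping two words leaves the edit distance far above the typo threshold.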

Originally published on eWeek

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.
