Identity Thieves Bypassed Experian Security to View Credit Reports

Condobloke

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

Condobloke


The Scrap Value of a Hacked PC, Revisited


A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can’t begin to fathom why miscreants would want to hack into his PC. “I don’t bank online, I don’t store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?,” are all common refrains from this type of user.

I recently updated the graphic (below) to include some of the increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums.


Next time someone asks why miscreants might want to hack his PC, show him this diagram.


KGIII

Considering how many times Experian has been breached, I don't expect any improvement.

I read about this on HN yesterday. Basically, all you had to do was change the URL and it'd spit out the credit report for the individual without any authentication.

Something like:


Becomes:


Somewhere around here, I wrote about writing a Perl safelist script for a buddy - and it was that insecure. That was in like 1998.
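
The class of flaw discussed in this thread, a multi-step verification flow whose final page can be requested directly, is shown below next to a server-side fix. This is an added example, not part of any post above and not Experian's code; the route names, step names and lockout threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical routes and the steps each one requires (assumed names,
# not taken from Experian's site).
REQUIRES = {
    "/identity": set(),
    "/questions": {"identity"},
    "/report": {"identity", "kba"},
}
MAX_KBA_ATTEMPTS = 3  # assumed lockout threshold


@dataclass
class Session:
    completed: set = field(default_factory=set)  # kept server-side, never in the URL
    kba_failures: int = 0


def submit_identity(s: Session) -> None:
    """Name, address, birthday and SSN were submitted."""
    s.completed.add("identity")


def answer_questions(s: Session, all_correct: bool) -> bool:
    """Record one attempt at the multiple-choice questions."""
    if "identity" not in s.completed or s.kba_failures >= MAX_KBA_ATTEMPTS:
        return False
    if not all_correct:
        s.kba_failures += 1
        return False
    s.completed.add("kba")
    return True


def serve_vulnerable(s: Session, path: str) -> int:
    """Flawed handler: assumes users only reach a page by following the flow,
    so any known path is served once identity data is on file."""
    if path == "/identity" or (path in REQUIRES and "identity" in s.completed):
        return 200
    return 403


def serve_hardened(s: Session, path: str) -> int:
    """Every request re-checks that all prerequisite steps are recorded."""
    needed = REQUIRES.get(path)
    if needed is None:
        return 404
    return 200 if needed <= s.completed else 403
```

A request log showing the report route served to sessions with no preceding successful questions step is the corresponding detection signal.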
 