Skip to content

hack

Equifax Hack

Quote

“Stand up who HASN’T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone” 143m in US, unknown number in UK, Canada – gulp!

Global credit reporting agency Equifax admitted today it suffered a massive breach of security that could affect almost half of the US population.

In a statement, the biz confessed that hackers managed to get access to some of its internal data in mid-May by exploiting a vulnerable website application. They remained on the system until they were discovered on July 29. Equifax has called in the FBI and is in contact with regulators in other countries about the case.

CEO Richard Smith said that the company’s core consumer and commercial credit reporting databases were untouched – only the names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers of 143 million Americans were exposed.

Oh, so is that good news? Only 143mil? These are foilks that are SOPPOSED to get security right in the first place! What bozos!

In response to the debacle, Equifax is offering every US citizen a year’s free identity theft monitoring for those who apply, and has set up a dedicated call center and website to handle information requests from worried consumers. It will also mail notifications to everyone who lost data in the incident.

Yes, the identity theft detection service will be supplied by… Equifax. And if you want to check you’re affected by the mega-hack, you have to supply your last name and last six digits of your social security number. To an outfit that just lost your social security number. Which is no use to peeps in the UK or Canada.

Great comment

‘We pride ourselves on being a leader in managing and protecting data’

Really, you do do you.

I pride myself at being good at detecting bullshit, the needle moved a bit at that statement.

It should have moved off the scale and bent the needle, but I’ve recently re-calibrated it.

Big data breaches found at major email services

Quote

Hold Security, a Wisconsin-based security firm famous for obtaining troves of stolen data from the hacking underworld, announced that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. The escapade was detailed in a Reuters article.

It might sound bad, but it is also easily mitigated.

The passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.

People who use a different password for both their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”

Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.

Sad to say, despite all tools available like password databases, people are real stupid when it comes to passwords. The takeaway from this is that you need to use a different password for each site. If the site allows it, use a different user name also. There is no excuse.