Equifax hack September 2017 ( Phucking Phishers )

Started by Darren Dirt, September 11, 2017, 02:29:45 PM

Previous topic - Next topic

Darren Dirt

https://www.equifaxsecurity2017.com/

cf. https://en.wikipedia.org/wiki/Equifax#Security_breach

https://twitter.com/hashtag/Equifax?src=hash

(and lots of social media is pointing out that the same parent company** also owns the other 2 of the Big Three of credit reporting/rating/ControlYourDamnLife service companies) (sigh)


**not sure if true, though. Wikipedia does not clearly state this. Unlike the little-talked-about eyeglasses/optician monopoly known as https://en.wikipedia.org/wiki/Luxottica

https://en.wikipedia.org/wiki/Experian

https://en.wikipedia.org/wiki/TransUnion

_____________________

Strive for progress. Not perfection.
_____________________

Darren Dirt

#1
PS: "want to find out if your info was taken etc? Sign up here with a promise not to sue us!"
https://twitter.com/CNET/status/906209278847045632

^ in other words, they want to offer you peace of mind at the tiny price of YOUR SILENCE.


https://twitter.com/SwiftOnSecurity/status/907277083583414272
(09Sep2017) "Equifax is potentially going to be biggest InfoSec stories of all time, it's a feeding frenzy for any scrap. Becomes rumor feedback loop."

(09Sep2017) "After information security incidents or system distributions, there are routinely multiple claims from anonymous nobody's. It's meaningless."

(11Sep2017) "Claimed Equifax hackers on the dark web are fake posers"

So... still gotta play the waiting game to see what/who actually happened. [Archer]Hooray...[/Archer]

_____________________

Strive for progress. Not perfection.
_____________________

Thorin

Yeah, it's a cluster@%&#.  Just as bank and credit card companies are starting to bring the "check your credit score for free" functionality to Canada, Equifax US shows just how much infosec matters.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Mr. Analog

It has to be the top priority really, I saw an article blaming open source software but honestly it doesn't matter if you use OSS or closed source a company like EquiFax should be constantly pen testing their software AND their processes.

It's always kind of terrifying when I see 30% of a company fall for an obvious phishing attempt via an internal security test
By Grabthar's Hammer

Darren Dirt

So like HALF of Americans are likely impacted. Pretty sure that means ditto for Canucks.

https://www.theverge.com/2017/9/11/16290730/equifax-chatbots-ai-joshua-browder-security-breach

So let a chatbot sue the bastards ;)
_____________________

Strive for progress. Not perfection.
_____________________

Mr. Analog

I already know one guy who's been impacted by this. It doesn't help that there's absolute chaos in the SE US after the hurricane.
By Grabthar's Hammer

Darren Dirt

"If there?s anything positive to be taken away from Equifax?s security blunder, it?s that it reminds us that in a shadowy surveillance economy, we aren?t the employee or the consumer, but the product.

What?s to be done about this is up for debate -- but not one we?re allowed to have any say in."

http://www.zerohedge.com/news/2017-09-18/equifax-not-your-friend-should-everyone-freeze-their-account


...seriously, not just with Equifax, but most tech-connected "giants" (aka what used to be called virtual "monopolies") YOU ARE THE PRODUCT.
http://www.zerohedge.com/news/2017-09-18/are-facebook-and-google-new-colonial-powers
_____________________

Strive for progress. Not perfection.
_____________________