Experian API Exposed Credit Scores of Most Americans

Credit to Author: BrianKrebs| Date: Wed, 28 Apr 2021 20:47:02 +0000

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says he fears the same weakness may be present at countless other lending websites that work with the credit bureau.

Read more

Experian’s Credit Freeze Security is Still a Joke

Credit to Author: BrianKrebs| Date: Mon, 26 Apr 2021 21:58:24 +0000

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States.  Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Read more

Confessions of an ID Theft Kingpin, Part I

Credit to Author: BrianKrebs| Date: Wed, 26 Aug 2020 18:39:53 +0000

At the height of his cybercriminal career, the hacker known as “Hieupc” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.

Read more

Why & Where You Should Plant Your Flag

Credit to Author: BrianKrebs| Date: Wed, 12 Aug 2020 14:18:09 +0000

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

Read more

Why & Where You Should You Plant Your Flag

Credit to Author: BrianKrebs| Date: Wed, 12 Aug 2020 14:18:09 +0000

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

Read more

MyEquifax.com Bypasses Credit Freeze PIN

Credit to Author: BrianKrebs| Date: Fri, 08 Mar 2019 16:12:38 +0000

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Read more

Scanning for Flaws, Scoring for Security

Credit to Author: BrianKrebs| Date: Wed, 12 Dec 2018 19:25:14 +0000

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.

Read more

Credit Freezes are Free: Let the Ice Age Begin

Credit to Author: BrianKrebs| Date: Fri, 21 Sep 2018 16:31:43 +0000

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Read more