Experian Privacy Vulnerability
Brian Krebs is reporting on a vulnerability in Experian’s website:
Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.
Clive Robinson • January 12, 2023 9:34 AM
@ ALL,
Re : When Personal is Public.
As far as I remember in the US all of those personal details are available online in one way or another already.
The fact that “all data brokers” not just the big three that includes Experian know this will not of course change the remediation from the stabdard nothing burger of,
“Use our product for a year so you can check your status”
But with that extra added poison pickle layers of,
“First enter required extra details including your mobile phone number, Email address, and all bank and financial account details.”
But also that effectively hidden small print of,
“Your account will be Auto converted to a premium paid service at the end of the year.”
Probably at 20/month… But also so that they can harangue you into paying $10/month this year so you will get sent “Text alerts” or “Email Alerts” of suspicious activity (or some other nonsense to get “new sales”)…
They then sell your info on for $50 or equivalent…
It surprises me that they are not also offering an online “Single Sign On” and “Password Manager”…