Stories
Slash Boxes
Comments

SoylentNews is people

Identity Thieves Bypassed Experian Security to View Credit Reports

posted by hubie on Thursday January 12, @11:55PM   Printer-friendly
from the self-regulation dept.
Security

owl writes:

https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/

Note, this content is USA centric:

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian's website allowed anyone to bypass these questions and go straight to the consumer's report. All that was needed was the person's name, address, birthday and Social Security number.

Original Submission

This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Identity Thieves Bypassed Experian Security to View Credit Reports | Log In/Create an Account | Top | 4 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 5, Insightful) by sjames on Friday January 13, @01:38AM (1 child)

    by sjames (2882) on Friday January 13, @01:38AM (#1286595) Journal

    So they collect often erroneous information and claim it is yours, then gossip about it to anyone who will slip them a buck, facilitate fraud by failing to secure any of it, and then claim the frauds reflect your behavior.

    Sounds like they shouldn't be allowed to exist anymore.

    • (Score: 1, Insightful) by Anonymous Coward on Friday January 13, @02:25AM

      by Anonymous Coward on Friday January 13, @02:25AM (#1286598)

      Who can prove that ANYONE slurping up personal information is actually telling the truth?
      What if some unpleasant entity is paying MORE to have misinformation spread?

  • (Score: 2) by PiMuNu on Friday January 13, @04:39PM

    by PiMuNu (3823) on Friday January 13, @04:39PM (#1286713)

    Note they had a significant data breach in 2020.

    https://infosecurity-magazine.com/news/experian-data-breach-24-million/ [infosecurity-magazine.com]

    You are the product, to them you are cattle.

  • (Score: 2) by Dr Spin on Sunday January 15, @07:41AM

    by Dr Spin (5239) on Sunday January 15, @07:41AM (#1286914)

    Surely the existence of Experian is an offence against the GDPR?

    This company should have been extinguished years ago. Its sole purpose is to obtain your personal private data and sell it to anyone who wants it.

    The fact that they leak it to anyone with a modicum of computing skills is a minor issue. The people who intend to exploit it maliciously may or may not
    prefer to pay "legitimate"* sources for the data. Its your data, and it is being sold on the open market as well as some dubious "dark web" places.

    * See Simpsons for details of "The legitimate businessmen's club"

    --
    Warning: Opening your mouth may invalidate your brain!
(1)