New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Some organisations must surely have the details of practically everyone alive in the Western world.
I think it's great. I hope a few more security breaches happen so that the general population takes privacy more seriously.
Hopefully.
Outdated Apache Struts. Keeping software up to date is one of the most basic things for security and they didn't even bother. Hilarious
Can't catch a break... first the OPM breach a couple of years ago, now the Equifax breach...
SSN's shouldn't be authenticators. Sure, SSN + DOB = a unique identifier, but by no means should just these two pieces of information determine if the end user is you.
I'd suggest all U.S. citizens freeze their credit to avoid any damage as a result of this. Currently fees from all three credit bureaus are being waived.
Equifax: https://www.freeze.equifax.com/Freeze/Freeze.htm
TransUnion: https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp
Experian: https://www.experian.com/ncaconline/freeze
Just got through freezing up my Wife's and my own credit.
I don't think they're that advanced considering they kept SSN and passwords in plain text.
"Oops"
There hasn't been an xhamster breach, has there?
Asking for a friend.
How ironic.
Yeah.. They're getting slammed with requests right now. Took me a few tries to finally get it to go through (tried once every few hours).
Not yet! But I hear their hamsters have chewed through their internet wires on a couple occasions.
Probably the best coverage is by Krebs, and he has clear information on what to do as well.
Somebody must go to to jail and pay for this shit. Exec's are retiring while they can right now.
Well, companies have gotten away with much worse.. so.
I understand shit happen from time to time , etc. But this is literally getting virtually raped. Well shit, getting physically raped.
Is not as simple as a credit card which you just cancel /reissue with a different number, in this case is your credit cards, the latest 7 years of financial history which includes where you live or had live, every credit request, every debt you have, your social security, your complete full name, where do you work, driver license, probably birth certificate in some cases, etc.
In summary is the most complete cluster fuck that can happen. It can't be worst and everyone is chilling .
@Hxxx If identity theft happens, Equifax will have a fun time helping hundreds of thousands of people. I personally can't check my own because I'm Canadian.
Who would've thought: Canadians are left out again.
I've heard Canada is a great place to live. Is that ~true or?
Patch Your Apache Promptly...
http://www.zdnet.com/article/equifax-confirms-apache-struts-flaw-it-failed-to-patch-was-to-blame-for-data-breach/
Sorry to disappoint some but: the population will never take IT security seriously.
For (at least) 2 reasons:
The first one has been demonstrated again and again and I'm not even talking about the time since Snowden. Those who do care usually care in terms of "OK, I'll spend 29$ more per year for some [snakeoil]'security' app or service because security is important to me".
Short and brutal version: About 99% confuse security and authority with authority either meaning state or large corp or (perceived as) security specialist company.
As for equifax my take is that they are - just like most other large corps - a bunch of ignorant assholes whose bean counting managers coldly calculated that a super disaster every 10 or so years is way cheaper than running an adequately professional operation.
Oh and btw: people? Who cares a fuck about them.
For (at least) 2 reasons:
Another would be that they think they're covered when they have bank, CC, or other financial insurance.
More to that point: Equifax CEO Hired a Music Major as the Company's Chief Security Officer
Hmmm, that needn't mean a lot. For one it's long known that musical talent and mathematical talent often goes hand in hand. Also, Susan Mauldin (the equifax ciso) had other jobs in IT and banking for many years.
Well noted, I don't mean to white wash her but simply looking at all angles.
I'll stick to what I've said.
-
Is all peaches and cream until somebody take a loan in your name.
I'm a little lad that loves berries and cream!
They put as much effort into security as you have a thread.
Clean air is about the only thing you'll have. (apart from the aging nuclear station 40km from me, I feel safe)
Just to clarify, I CAN check my score, just not for free. Equifax = jerks
Doesn't make much sense why they aren't required to have some kind of security standard so its at least HARDER to fuck up by being this stupid.
It does but you have to take a step back from accepted norms. As a culture, at least in the US, we've built a framework around these financial institutions that we think we're required to participate in. To be frank, it isn't true. They've grown into the system so deeply that not being a part of it will inconvenience you greatly, but you can exist outside of the private credit/banking system. A big problem is that you're highly likely to be a part of it before you realize that you don't have to be, because no public school (and likely no private school) is going to tell you that.
See also: Trying to register a social media account without giving up your phone number.