Equifax breach is the worst leak of personal info ever

Started by jimmy olsen, September 08, 2017, 06:40:23 AM


HVC

Quote from: Iormlund on September 08, 2017, 02:22:30 PM
How come you guys get all those fraudulent charges on your cards? Don't you get sent an SMS with a one-time code to confirm online purchases? Don't you use a PIN code for purchases in a store?

No and yes. Although if it's a small charge you can "tap" the card, and there's a chip in the card that does magic with radio signals.
Being lazy is bad; unless you still get what you want, then it's called "patience".
Hubris must be punished. Severely.

Razgovory

I've given it serious thought. I must scorn the ways of my family, and seek a Japanese woman to yield me my progeny. He shall live in the lands of the east, and be well tutored in his sacred trust to weave the best traditions of Japan and the Sacred South together, until such time as he (or, indeed his house, which will periodically require infusion of both Southern and Japanese bloodlines of note) can deliver to the South its independence, either in this world or in space. -Lettow April of 2011

Raz is right. -MadImmortalMan March of 2017

Malthus

The object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane—Marcus Aurelius

alfred russel

Quote from: merithyn on September 08, 2017, 12:18:09 PM


I use two specific credit cards to pay certain bills. Each time this has happened to me - and it's happened a couple of times - those bills didn't get paid on time because my cards have been cancelled and I haven't gotten the new ones yet to pay the bill. That adds up over time.

Okay, but you could still have paid by check. Also, half my bills are paid late because I forget, and nothing bad has ever happened.
Quote
Additionally, when we ran the toffee shop, often the charge would go through initially, only to come back as a fraud charge after. The toffee would already be gone, which left us holding the bag. Plus, as we would have accounted for that sale in other ways, if it were a big order, it could leave us strapped in other ways.

Multiply all of that by 143,000,000.

Okay--so toffee shops will stop accepting credit cards.
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

There's a fine line between salvation and drinking poison in the jungle.

I'm embarrassed. I've been making the mistake of associating with you. It won't happen again. :)
-garbon, February 23, 2014

derspiess

Quote from: Iormlund on September 08, 2017, 02:22:30 PM
How come you guys get all those fraudulent charges on your cards? Don't you get sent an SMS with a one-time code to confirm online purchases? Don't you use a PIN code for purchases in a store?

Chip technology only mitigates card-present fraud. Internet fraud is still a problem.

And there are still many millions of mag stripe-only cards that have not been replaced by chip cards.
"If you can play a guitar and harmonica at the same time, like Bob Dylan or Neil Young, you're a genius. But make that extra bit of effort and strap some cymbals to your knees, suddenly people want to get the hell away from you."  --Rich Hall

The Brain

America is in the Third World when it comes to payment methods, no sane person disputes that.
Women want me. Men want to be with me.

The Minsky Moment

Quote from: The Brain on September 08, 2017, 05:55:25 PM
America is in the Third World when it comes to payment methods, no sane person disputes that.

Drug dealers around the world are grateful for it.
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson

Ed Anger

I checked the Equifax checker. Both me and the wife might not be affected.

I will of course not believe that. Instead I will stockpile gold and guns.
Stay Alive...Let the Man Drive

CountDeMoney

My Equifax credit score went down 28 points last quarter.  All because I had paid off my car loan.

Quote
Equifax Inc.
NYSE: EFX - Sep 8, 7:56 PM EDT
123.23 USD, price decrease 19.49 (13.66%)

How's it feel, assholes.  Fucking die.

11B4V

Quote from: CountDeMoney on September 08, 2017, 07:54:47 PM
My Equifax credit score went down 28 points last quarter.  All because I had paid off my car loan.

Quote
Equifax Inc.
NYSE: EFX - Sep 8, 7:56 PM EDT
123.23 USD, price decrease 19.49 (13.66%)

How's it feel, assholes.  Fucking die.

It's ok they cashed out a couple months ago before they told the public.
"there's a long tradition of insulting people we disagree with here, and I'll be damned if I listen to your entreaties otherwise."-OVB

"Obviously not a Berkut-commanded armored column.  They're not all brewing."- CdM

"We've reached one of our phase lines after the firefight and it smells bad—meaning it's a little bit suspicious... Could be an amb—".

Ed Anger

I hope I don't own that stock. BRB

Edit: NOPE
Stay Alive...Let the Man Drive

CountDeMoney

Quote from: 11B4V on September 08, 2017, 08:24:15 PM
It's ok they cashed out a couple months ago before they told the public.

But wait, there's more!

Quote
In addition, CNBC commentators discussed today that an investor purchased 2,600 September put options with a strike price of $135, which are now in the money after today's nearly $20 per share drop. According to the commentators, the $156,000 investment is now worth more than $4 million.

frunk

Quote from: Ed Anger on September 08, 2017, 07:48:34 PM
I checked the Equifax checker. Both me and the wife might not be affected.

I will of course not believe that. Instead I will stockpile gold and guns.

It looks like the Equifax checker is pretty random, and doesn't really tell you anything.

Equifax Breach Response Turns Dumpster Fire

Quote
As noted in yesterday's breaking story on this breach, the Web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach — equifaxsecurity2017.com is completely broken at best, and little more than a stalling tactic or sham at worst.

In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.

Iormlund

Quote from: derspiess on September 08, 2017, 05:51:52 PM
Quote from: Iormlund on September 08, 2017, 02:22:30 PM
How come you guys get all those fraudulent charges on your cards? Don't you get sent an SMS with a one-time code to confirm online purchases? Don't you use a PIN code for purchases in a store?

Chip technology only mitigates card-present fraud. Internet fraud is still a problem.

And there are still many millions of mag stripe-only cards that have not been replaced by chip cards.

You don't need special tech to mitigate Internet fraud. As I say, whenever you buy something worth above X you are redirected to your bank's page, where you have to input a one-time code you are sent to your mobile device via SMS.
It doesn't completely eliminate fraud, but they need to clone your phone number to do major harm.

CountDeMoney

More from the "Yeah, About That, Sorry But We'll Be OK" files...

Quote
Equifax Breach: Two Executives Step Down as Investigation Continues
By NICOLE PERLROTH and CADE METZ
UPDATED 10:47 AM
The Failing New York Times

SAN FRANCISCO — Equifax, the credit reporting agency, said Friday that its chief information officer and chief security officer were retiring "effective immediately." The announcement came one week after the company revealed that a cyberattack potentially compromised confidential information of 143 million Americans. On Friday, the company also provided further details about when it had discovered the breach and which part of its website had been targeted by hackers. But many details about the breach, who was behind it and the computer security defenses at Equifax are still unclear.

What We Know

• Hackers exploited a vulnerability in website software. They gained access to certain files containing names, Social Security numbers, birth dates, addresses and driver's license numbers. Equifax also said the thieves lifted credit card numbers for about 209,000 consumers. The company on Friday disclosed that around 400,000 British consumers may have also been affected.

• The breach was open from mid-May to July 29. That was when Equifax first detected it. The company said it had immediately worked to stop the intrusion, and the following week engaged Mandiant, an independent cybersecurity firm, to oversee an investigation into the scope and causes of the breach.

• Equifax is making personnel changes following the breach. On Friday, Equifax said its chief information officer, Susan Mauldin, and its chief security officer, David Webb, were retiring. The company said the changes were "effective immediately."

• The breach involved the company's web page for disputes. The company said the breach occurred in a public website application where consumers could dispute the accuracy of credit information collected by the company. The company said it noticed suspicious traffic to the application on July 29 and took the application offline the next day. It then patched the vulnerability in the application and put the application back online.

• The hack involved a known vulnerability in software used by Equifax. The New York Post first reported that hackers had exploited a vulnerability in Apache Struts, a kind of open-source software that companies like Equifax use to build websites.

On Thursday, Equifax confirmed that the breach involved a bug in Apache Struts, and identified the specific vulnerability. This security weakness was publicly identified in March and a patch to fix it had been available since then.   :lol:

The rules for commercial use of open-source software can vary. Generally speaking, open-source software is built collaboratively by developers inside companies, academia and even hobbyists, and is available for free or at a low cost. Different types of Apache software are widely used all over the world.

What We Don't Know

• It is not clear why the company's security methods failed to stop the attack. Equifax said that it was aware of the vulnerability two months earlier and worked to patch the bug then. It is not clear why this patch was unsuccessful, and the company said that it may release additional information as its investigation into the incident continues.

Avivah Litan, a security analyst with the research firm Gartner, said that the bug alone was not to blame. "You have to have layered security controls," Ms. Litan said. "You have to assume that your prevention methods are going to fail."

• The perpetrators of the Equifax breach have not been identified. A group of hackers calling themselves the "PastHole Hacking Team" has claimed responsibility, and threatened to release the data if their ransom demand of 600 Bitcoin — roughly $2.5 million — was not met. In posts and communications with security researchers, members of the team claimed they were able to garner far more data than they expected when they targeted Equifax.

• That doesn't mean this group of hackers was really responsible. Intelligence officials and security analysts in private industry said that while it is far too early to say definitively who breached Equifax, the leading theory is that the company was hit by a nation-state or hackers operating on a nation-state's behalf. They point to the sheer scale of theft, which most likely would have required a heightened degree of sophistication to pull off without being detected.

Other security experts said it would be smart to consider motivation and intent. "Are cybercriminals going to try and sell circa 150 million records in dark web auctions? That's nearly half the population of the United States," said Thomas Boyden, president of GRA Quantum, a company that specialized in cyberattack incident response. "Are there standard cybercriminals out there with the purchasing power for that type of data?"

Still, the detailed personal and financial information collected by a company like Equifax can be resold on the so-called Deep Web. It is much more valuable than credit card numbers, because it has a longer life span and can be used to access all kinds of other information, like bank accounts, loan details and medical records.

• Have these hackers struck before? Mr. Boyden and others said that the breach had many parallels with previous breaches of personal information by nation-states and their contractors. Such government-affiliated hackers compile giant databases of stolen information to see if there is material that can be used for espionage or perhaps even blackmail. Using data-sifting technologies, they comb through massive collections of information to find useful material.