Equifax Hack


From someone who works at a bureau I would like to reccomend everyone to check and see if they were part of the Equifax hack. It is serious. All of your personal information like SS, address is stolen. But more importantly. They hackers have access to your entire credit history. It might not seem like a big deal but almost every institution that loans money uses your credit history as an ID verification.

Example. You sign up for a 30k loan. They ask for your standard details like name, address, DOB, etc. Which Isn't that hard to get. But as protection they ask for additional information only you would know.

A lot of the time that information is your credit history. like how many credit cards do you have with the bank or who currently services your student loan, or what year you took out a loan.

All of these ID verification questions are now easily answered if the hackers have your credit history.

Equifax is giving away free protection to those impacted. I highly reccomend you do it.
gguenotMurderbearChinaski
«1

Comments

  • I'm not going to give any links cuz I don't want to appear like I'm trying to direct you to site to phish. But just Google and do some research and you will find out how to know if you were impacted and how to protect yourself.
  • https://www.equifaxsecurity2017.com
    This is the actual site set up by Equifax, not that they seem to know the difference.
    HatorianMurderbear
  • This whole thing is a masterclass in cyber security failure.
    Hatorian
  • Yep. That's the right site. But I just felt weird if I included it. May have looked a bit scammy.
    Murderbear
  • Alkaid13 said:

    This whole thing is a masterclass in cyber security failure.

    Not just that but Pure Executive fraud on levels not seen since The financial crisis.
  • Alkaid13Alkaid13 Georgia
    edited September 25
    It's like if you took 21st century corporate failures and distilled them into the most quintessential version. No one is going to jail for this either.
    Hatorian
  • Alkaid13 said:

    It's like if you took 21st century corporate failures and distilled them into a the most quintessential version. No one is going to jail for this either.

    This will be taught in business classes for years
  • In a class called "How to fuck up royally and still come out on top".
  • Yea, if no one goes to jail it just proves the system is fucked. All the proof is there. The executives knew they got hacked, sold their stocks and then announced it. They should go to jail but they probably won't.

    In top of that there's a class action lawsuit where the law firms are going to make millions while the people actually impacted will get little to nothing.

    It's just a huge kick in the balls to the consumer. It sucks.
  • So this isn’t one of those situations where I let my defeatist view on cyber security keep me from doing something?
  • I mean the safest cyber security is to never own a computer and never get on the internet, but unless you're willing to be a hermit it's generally a good idea to do some research into good safety practices.
  • Alkaid13 said:

    I mean the safest cyber security is to never own a computer and never get on the internet, but unless you're willing to be a hermit it's generally a good idea to do some research into good safety practices.

    Even that wouldn't have saved you from this hack though. literally all you had to do was take out a single loan or have a credit card to be impacted. No amount of personal cybersecurity would have protected you from this.
  • HatorianHatorian Dagobah
    edited September 25
    Here's my Cybersecurity tips.

    1. Have different passwords for everything. I know it seems difficult but a good strategy is this.

    Have a strong base password that usually covers all the requirements like 8 minimum characters, Upper, lowercase, number and special character. Then to easily remember the different password simply add 2 letters of the website to it at the beginning or end.

    Example: base password: B@ldMove123

    Then for Facebook you do B@ldMove123FA

    For Google you do B@ldMove123GO

    For your Bank of America you do B@ldMove123BA

    Etc, etc

    It's an easy way to remember passwords but not have the same one. All you need to do is remember 1 password and the first two letters of the website.

    2. Buy good anti-virus software

    3. Try to avoid downloading free software or apps as much as possible

    4. Get a VPN

    5. Use 2 factor authentication as much as possible. It's annoying but it's much safer

    6. Have an email for less important sites like Facebook, Google, etc. Ones that don't have your credit card on file or are linked to your financials. Then use a different email address for your bank or sites that have your credit card on file.

    7. Keep your Facebook private
    jarrodtbkingbee67
  • True, the only "truly safe" cyber security is to pretend like its 1950, only pay in cash, never get a card, never get an account to anything including a bank, but that's unreasonable unless you're like a Tibetan monk or something and I'm pretty sure most of those guys have cell phones now.
  • Alkaid13 said:

    True, the only "truly safe" cyber security is to pretend like its 1950, only pay in cash, never get a card, never get an account to anything including a bank, but that's unreasonable unless you're like a Tibetan monk or something and I'm pretty sure most of those guys have cell phones now.

    Yea, I live in Singapore and there's a Buddhist temple right next to work and i regular see monks fully dressed up in traditional garb at the ATM taking money out.
  • akritenbrinkakritenbrink Lynnwood, WA (Seattle area)
    image
    kingbee67
  • @Hatorian perosnally, I would recommend a password generator/program like LastPass. This way you can have a different password for every account and have them be totally random (you don't need to remember them).

    VPN is only as safe as the VPN is (in some cases not at all). Much like Tor, anonymous is fickle and can be circumvented without you knowing.

    Other than buying AV (depending on OS), all good advice. Another I would add is to never click a link from a financial institution or social media unless you initiated it (like password reset). Always go directly to the site and log into it. This way you can avoid the many pishing scams out there.


    @Alkaid13 not sure if things have changed, but I know that site was fluky at best when it was set up. People would get different answers on different days so the "report" seems random.
    Hatorian
  • ThomasThomas North Carolina
    I love how Equifax's website for the issue looks like a phishy site.  I already hate the credit report system, but stuff like this just makes it even more faulty.
  • edited September 25
    And the cherry on top is that Equifax acquired an Identity Protection firm before news of the leak broke, so they can make more money off the people they screwed over. I'll assume that this where Equifax will refer victims to in the future.

    "[Equifax] purchased an identification protection service called ID Watchdog on Aug. 10, two weeks after Equifax discovered the data breach but a month before disclosing it publicly."

  • akritenbrinkakritenbrink Lynnwood, WA (Seattle area)
    At what point does the credit reporting system become irrelevant? I wonder if this is the year.
  • @KingKobra
    Oh it's definitely not optimal but it's the real site, for whatever that's worth.
    KingKobra
  • At this point I'm waiting to hear about some Equifax exec who got scammed by a Nigerian prince email or something.
    Thomas
  • At what point does the credit reporting system become irrelevant? I wonder if this is the year.

    Heh, not going to happen. It's much to intertwined into almost every financial decision that is made these days. Until someone comes up with a viable alternative they are here to stay because they are the "only" choice.
    Hatorian
  • Alkaid13 said:

    @KingKobra
    Oh it's definitely not optimal but it's the real site, for whatever that's worth.

    Yeah, it's been poorly handled from the beginning. 1) you don't make a website that is off the main domain, 2) you leave databases publically accessible (there are good guys who scan for this stuff all day every day 3) your site while legit, doesn't seem to have a reliable live database behind it.
  • KingKobra said:

    At what point does the credit reporting system become irrelevant? I wonder if this is the year.

    Heh, not going to happen. It's much to intertwined into almost every financial decision that is made these days. Until someone comes up with a viable alternative they are here to stay because they are the "only" choice.

    I sell to the banks. All of them almost solely make their credit decisions based on bureau data. If you have no credit history you get no loan. That will not change ever. Your credit history will always be used. But alternative data is becoming more prelavant. Like your Linkedin page, your facebook page, your telco data, your apple/google/geo location data, etc. All of this is or is going to be used to assess your credit worthiness. I
    KingKobra
  • FreddyFreddy Denton, Texas
    edited September 26
    Ha ha. I've literally only had my accounts hacked on websites that require a complicated password. The ones that leave the sophistication up to me never have an issue.
  • I've read that the best thing to do is pay the nominal fee ($10-20) that each of the 3 major credit bureaus offers and get a credit freeze, so that no new accounts can be opened in your name. Is this right? I looked at some of the rules for a freeze and it seems you can lift them at any time - although it's probably best to do if you have no plans to open any new credit in the next year or two. 

    I've also read that it's not worth it to sign up for the $10 or $20 a month services they offer to watch your credit, it's basically a cash cow for them and doesn't do anything more than what you would see if you got your report free from one of them every 4 months, since they're each required to give you one every year for free. 

    I've dealt with a T-mobile account being opened in my name and it was a b*tch taking care of it. And it still pops up every few years because someone is selling the account off to another collection agency. So I have been paying equifax for the monthly service but I'm about to cancel it since clearly they cannot be trusted, plus after all the research I've been doing I've decided it's essentially useless.
  • @jazzminawa as far as pulling your report, thatbwould only work if all 3 had the same information. Sometimes you'll see accounts on one report and not another. Freezing your accounts can be good as long as you don't plan on applying for anything that needs a credit check. Otherwise you'd need to "allow/unfreeze" for that check to happen. I have a feeling that the "freeze" may be free soon, so not sure I'd pay right now. Credit monitoring can be useful, but honestly with the amount of data lost, this eillfollow some people for many many years.
    jazzminawa
  • JaimieTJaimieT Atlanta, GA
    edited September 26
    I'd be all over doing a credit freeze, but I'm probably going to be getting an apartment soon. Of course I've heard, I just ask what bureau they check and unfreeze that one. Hmmm... maybe I will.

    What if freezing/unfreezing becomes the new normal? Won't people just find a way to hack that system? Grr.
Sign In or Register to comment.