An Update on the Equifax Fiasco
Equifax has become known for its most recent mishaps, which exposed millions of Americans who were given no other choice but to go there after their numbers were leaked.
On Twitter they linked to the wrong website 3 times. The correct URL is https://www.equifaxsecurity2017.com but they linked it to http://www.securityequifax2017.com. Fortunately, the person who created the false website did not have malicious intent.
Tarah Wheeler, a cybersecurity consultant at Red Queen, weighed in on the controversy.
“The ‘wget’ command on Linux allows you to download a website, including all images, HTML, CSS, etc. Using this command, they could easily just suck their whole site down and throw it on a $5 server. It currently has the same type of SSL certificate as the real version, so from a trust perspective, there’s no way for users to authenticate the real one vs my server. They should either change it to https://equifax.com (with an EV cert), or take it down altogether.”
“I hope other companies are able to learn from this mistake, and remember to publish content only on trusted domains. … I just hope the employee who posted the tweet doesn’t get fired, they probably just Googled for the URL and ended up finding the fake one instead. The real blame lies with the people who originally decided to set the site up badly.”
It took Nick Sweeting only 20 minutes to build his clone website, and it was cheap. Fortunately for Equifax, Nick Sweeting didn’t want to steal customers’ information, but in other cyber-security breaches the company hasn’t always been so lucky. Additionally, Nick Sweeting suggests that Equifax had a really hard time using websites that have been trusted or verified. If this is the case, then users should be really careful when looking at Equifax’s tweets, especially if their social-media manager is going to make a mistake like that when posting on their accounts.
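The following is an added example, not part of the original article and not anything Equifax is known to have used: a pre-publish check that scans a draft post for links and flags any host that is not on an official allowlist, including reordered lookalikes such as the mistaken URL above. The allowlist contents, the function names, the sample draft, and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the organisation keeps an allowlist of hosts it actually controls.
# The single entry is the host of the correct URL quoted in the article.
OFFICIAL_HOSTS = {"www.equifaxsecurity2017.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample draft, using the two URLs quoted in the article.
SAMPLE_DRAFT = (
    "For more information visit http://www.securityequifax2017.com. "
    "You can also go to https://www.equifaxsecurity2017.com today."
)

def classify_url(url):
    """Return 'ok', 'insecure-scheme', 'lookalike' or 'unknown-host'."""
    parts = urlsplit(url)
    # .hostname drops any userinfo, so "official.com@other.example" yields other.example
    host = (parts.hostname or "").lower().rstrip(".")
    if host in OFFICIAL_HOSTS:
        return "ok" if parts.scheme == "https" else "insecure-scheme"
    for official in OFFICIAL_HOSTS:
        # Same characters in a different order (words swapped around)
        reordered = sorted(host) == sorted(official)
        # Near-identical spelling (one or two characters changed)
        similar = SequenceMatcher(None, host, official).ratio() >= 0.8
        if reordered or similar:
            return "lookalike"
    return "unknown-host"

def review_draft(text):
    """Return (url, verdict) for every link in the draft that should block publishing."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        verdict = classify_url(url)
        if verdict != "ok":
            findings.append((url, verdict))
    return findings

if __name__ == "__main__":
    for url, verdict in review_draft(SAMPLE_DRAFT):
        print(f"BLOCK {verdict}: {url}")
```

A check like this only helps if the allowlist is maintained by whoever registers the organisation's domains, not by the person writing the post.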
According to The Verge, this was not the first Equifax security breach. Note, however, that while these responses are mistakes that Equifax is making publicly, they are not disclosing other matters at hand: new evidence raises doubts about executives’ handling of the Equifax breach. They first noticed a breach in March, then hired a firm called Mandiant, which helps companies respond to security threats. On July 28th and the 29th they noticed that there was unusual behavior, and they notified their customers of the activity.
The WSJ reports that Equifax is a common target, and that hackers went after names, addresses, Social Security numbers, dates of birth, and other PII. To add to matters, the U.S. Department of Justice is conducting an investigation into their stocks: on August 2nd, 3 senior executive officials sold their shares worth 1.8 million, and 2 executive officials retired shortly thereafter. That was not too long after the hack.
U.S. prosecutors and the FBI are looking into the matter. According to the WSJ, one of their sources mentioned that, given the sophistication of the hacks, it could possibly be a state-sponsored actor, although no proof of that has been given yet.
This is an ongoing story.