قالب وردپرس درنا توس
Home / LifeStyle / It doesn't matter if China hacked Equifax

It doesn't matter if China hacked Equifax



It was a message of PR relief for Equifax skinsuits who spend their life cycles benefiting (and we are powerless to stop) from tracking and trading our personal and financial information. Especially now that we're seeing reports of four Chinese hackers "defeating Equifax".

That sure sounds a lot better (for her) than the fact that Equifax's security deficiencies have been so bad for so long that a violation has been inevitable. A month after Equifax admitted the violation, the press and experts noticed the multitude of problems that were likely to result in "more than one group of hackers breaking into the company".

Yes, something makes me think that China's hackers are more of a hacker "hoarder" than a "sing Kumbaya" type ̵

1; and our stolen Equifax data has definitely been shared. "Seattle-based Katie Van Fleet says she has spent months regaining her stolen identity and has been stolen more than a dozen times," said NBC. "I didn't sign up for Equifax, so I feel like all of that stuff was taken away. Now I'm here to try to pull the pieces together and protect myself and my credit," said Van Fleet.

And that's the thing: None of us have registered for Equifax. But here we are.

Stop me if you've heard this before.

  Google Wi-Fi and iCloud Illustration

The stolen files were referred to as "records". In early 2018, however, Equifax was forced to allow "records" – our names, home addresses, dates of birth, social security numbers, credit records, driver's licenses, passports and everything.

By March 2018, the company was revealed to have found a few more victims of violations in its sofa cushions. "In September last year, Equifax announced that 145 million US customers may have stolen their information," the BBC said carelessly. "The investigation into the violation has revealed that the details of another 2.4 million Americans have gone astray."

The company had been warned by a security researcher to fix its vulnerabilities months before the alleged first attack. This researcher shared his findings with the press, showing that a public web portal allowed anyone "without any authentication" to access each American's personal information, including social security numbers, full names, dates of birth, and city and country of residence. "" What's more:

While investigating Equifax servers and sites, the researcher said they could take control of multiple Equifax servers or get shell access, as hackers point to, and found several others for simple errors like SQL injection, a common, basic way to attack websites. Outdated software was running on many servers … Equifax had made thousands of servers available on the Internet …

The researcher reported all of this to the company. "If it took me three hours to find this website, I definitely think I'm not the only one who found it," they said to Motherboard. "It wasn't just a violation. Maybe there were dozens."

Six months after this first researcher informed the company about the vulnerability, Equifax patched it – but only after the massive violation, according to Equifax, had already occurred in Timeline.

When Equifax was invited to a congressional hearing on the apocalypse of data protection and consumer identity on the carpet, EquJ reported that Equifax & # 39; temporary executive told Congress that he wasn't sure whether the company was encrypting consumer data. Equifax actually stored unencrypted user data on a publicly accessible server and "didn't encrypt its mobile applications either – and when it encrypted data, it left the encryption keys on the same publicly accessible servers."

Finally, a large class action complaint revealed that this was not all: we found that Equifax internally & # 39; admin & # 39; used as username and password.

But okay. They want us to blame China.

 Chinese hacker Equifax "data-caption =" Attorney General William Barr calls a reporter during a press conference at the Department of Justice in Washington. Four members of the Chinese military were accused of breaking into the Equifax credit bureau networks and stealing tens of millions of Americans' personal information, the Department of Justice said on Monday, accusing Beijing of one of the greatest hacks in history. (AP Photo / Jacquelyn Martin) "data-credit =" ASSOCIATED PRESS "data-credit-link-back =" "data-dam-provider =" Associated Press "data-local-id =" local-2-5339483-1581700866774 "data-media-id =" ee83fee9-b13f-3cd3-8201-7ce75e5a0107 "data-original-url =" https://s.yimg.com/os/creatr-images/2020-02/5a891c80-4f4e-11ea -bf97-618ab587aac3 "data-title =" Chinese Hackers Equifax "src =" https://o.aolcdn.com/images/dims?crop=4862%2C3241%2C0%2C0&quality=85&format=jpg&resize=1600%2C1067&image_uri=t % 3A% 2F% 2Fs.yimg.com% 2Fos% 2Fcreatr-images% 2F2020-02% 2F5a891c80-4f4e-11ea-bf97-618ab587aac3 & client = a1acac3e1b3290917d92 & Signature = 0c27c4e7b51930a102 have been submitted. Still, the company seemed to like something like that. Security company FireEye silently removed its boast of protecting Equifax from its website, but was still tasked with handling Equifax's incident response. [19659002] Equifax & # 39; Answer to everything was a master class in how to do everything wrong. </p>
<p>  Immediately after the violation, it was found that Equifax was rated "F" in terms of app security. The company responded by silently disappearing its apps from the Apple App Store and Google Play (Android). </p>
<p>  Equifax attempted to trace the breach to a single vulnerability in Apache Struts. Apache wasted no time in publishing a statement that said Equifax was responsible for not patching it. The company had been informed about this six months before the alleged incident. </p>
<p>  Within an hour after the violation was publicly disclosed, it became known that three Equifax executives had sold shares shortly before the violation and <i> after </i> Internal knowledge of the incident (one month prior to public recognition). </p>
<p>  Speaking of benefiting from our pain … One of the engineers who worked on the coding of the Equifax website "equifaxsecurity2017.com" has misused the information from people who misuse Equifax shares. This was the WordPress site Equifax sent consumers to find out if they were affected by the violation. It was totally broken: visitors received different answers for every request. Visitors were also informed that Equifax's credit monitoring service was not available and they should check again later in the month. Many noticed that you could enter any gibberish to get the same answers. </p><div><script async src=

It also seemed a while that those who signed up for credit monitoring waived some legal rights.

Then $ 700 million in data breach resolution. This resulted in $ 125 per person. Except that Equifax only wanted to pay 248,000 actual victims – and applied for over four and a half million, which cut the payout to $ 6.80 per victim.

The inventory of golden parachutes has increased significantly.

  492814833 "data-caption =" golden parachute "data-credit =" cthoman via Getty Images "data-credit-link-back =" "data-dam-provider =" "data-local-id =" local- 4-6374221-1581701226941 "data-media- id =" fce5bf8c-fb75-4fa0-9e8e-4c645e30edbe "data-original-url =" https://s.yimg.com/os/creatr-uploaded-images/2020- 02 / 318a4f60-4f4f-11ea-bfff- c504a0ebd190 "data-title =" 492814833 "src =" https://o.aolcdn.com/images/dims?resize=2000%2C2000%2Cshrink&image_uri=https%3A%2F% 2Fs.yimg.com% 2fős% 2Fcreatr- uploads% 2F2020-02% 2F318a4f60-4f4f-11EA-bfff-c504a0ebd190 & client = a1acac3e1b3290917d92 & signature = 9b48b720a1005951af1eb61c34891fe98b748d56 "/> [19659002EquifaxwurdeineinemvölligblödenundpwnedvermeidbarundsindjetztdergrößteTrottelinderwirbelndenToilettenschüsselunserermodernenPrivatsphäreApocalypse</p>
<p>  Although the officials for one minute were mad at Equifax and consumers want to burn it down and salt the earth, they do it all well believed that the company's large corporate customers would pass the loathsome data traders. "The competitive credit bureau said Friday it hadn't lost any significant business." </p>
<p>  The point of sale reminded us, "Most of Equifax does business with banks and other financial institutions – not with the people about whom they collect information." According to GovTech, "Equifax, based in Atlanta, was chastised a year after the worst data breach in US history to date, but its business model remains unchanged and the company continues to operate practically without prejudice to legal, regulatory, or criminal penalties." 19659002] Equifax received a "Get out of Jail Free" card: The Consumer Financial Protection Bureau decided not to do anything about it. Former CFPB director Richard Cordray had approved an investigation. Reuters wrote: "But Cordray resigned in November and was replaced by [Mick] Mulvaney, President Donald Trump's head of household." </p>
<p>  Mulvaney, head of the CFPB, withdrew the agency from a thorough investigation and indefinitely suspended plans for on-site testing of how Equifax protects its data. "The CFPB has also recently dismissed the Federal Reserve, Federal Deposit Insurance Corp, and the Monetary Office's banking regulators for offering to help with on-site credit bureau audits," Reuters reported. </p><div><script async src=

So, I & # 39; I'm sorry, Scooby Gang. It doesn't matter who hacked the Credit Risk Assessment company that no one can unsubscribe from. Old Man Equifax will get away with it.

Imagine a company with the dated incompetence of Yahoo security around 2013-14. The arrogance and greed, the growth at all costs for the Hybris von Uber company circa 2009-2017. The "hot or not" contempt for people and rape of privacy as Facebook around 2004-today.

Equifax, the oldest, old-fashioned owner of data plantations from the redlining era (approx. 1899), who couldn't. I didn't even set up a WordPress site in 2017 and I know how to keep up with Techbro Jonses. Lots of money and no consequences can keep you so nimble.

It's really pretty crazy.

Images: Jaap Arriens / NurPhoto via Getty Images (Equifax / Matrix); AP Photo / Jacquelyn Martin (AG Barr); cthoman via Getty Images (golden parachute)


Source link