Security Vulnerability
September 12, 2017 by

Equifax’s Credit-Monitoring Site is also Vulnerable as US Senators Demand Answers

The website set up by Equifax to enable credit account monitoring following last week’s comprehensive security breach is also vulnerable to hackers.

The aftermath of last week’s breach saw millions of users setting up alerts and freezes on one or multiple credit accounts. As it turns out, a new website used by Equifax to set up alerts on an individual’s credit rating history can be spoofed easily, a security researcher has discovered.

As reported by ZDNet, security researcher Martin Hall revealed that the credit alert website can be ‘easily spoofed.’ The website allows users to request a 90-day fraud or active duty alert for credit report holders. However, the vulnerabilities in the website enable hackers to steal the personal information of those who visit the website.

Specifically, the website is vulnerable to a cross-site scripting (XSS) attack, which allows an attacker to run malicious code on a website or a web application. With the malicious code included in Equifax’s web URL, the prompt will essentially become a part of the Equifax domain. The browser, however, still treats the website as secure and shows a ‘lock’ icon in the browser window.

Essentially, anyone who is made aware of the code can use it in phishing emails to gather personal information from unsuspecting consumers.

“I looked at the code and noticed that I could break out of the developer’s code into my own,” Hall told ZDNet. “This gives me full permission to change the page to say or load any content I want.”

Alarmingly, Hall added that he had reached out to Equifax’s security team about multiple flaws in the company’s website but he did not hear back from the company.
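The report does not show the affected markup, so the following is an added illustration, not Equifax's code and not taken from ZDNet: a value read from a link is placed into a page once without and once with output encoding, and a tag count shows whether the value left its intended context. The host name, the `lastName` parameter, the form field and the sample value are all constructed assumptions.

```javascript
// Added example (not Equifax's code). Host, parameter name, template and
// sample value are hypothetical and constructed for illustration.
const SAMPLE_LINK = 'https://alerts.example.test/request?lastName=' +
  encodeURIComponent('"><b id="injected">changed</b>');

// Vulnerable pattern: the query value is concatenated straight into HTML,
// so a quote and an angle bracket end the attribute and start new markup.
function renderUnsafe(lastName) {
  return '<input name="lastName" value="' + lastName + '">';
}

// Encode the characters that let a value leave an HTML text or
// double-quoted attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: same template, value encoded before it is inserted.
function renderSafe(lastName) {
  return '<input name="lastName" value="' + escapeHtml(lastName) + '">';
}

// Read the parameter from the link the way a server-side handler would
// and pass it to the chosen renderer.
function pageFor(link, render) {
  const value = new URL(link).searchParams.get('lastName') || '';
  return render(value);
}

// Count opening tags in the output. The template alone contains exactly one,
// so any higher count means the reflected value changed the page structure.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

console.log('unsafe tags:', countTags(pageFor(SAMPLE_LINK, renderUnsafe)));
console.log('safe tags:  ', countTags(pageFor(SAMPLE_LINK, renderSafe)));
```

In both cases the page is served from the same origin over the same TLS connection, which is why the lock icon says nothing about whether the content was altered by the link.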

Meanwhile, two key US senators have demanded Equifax answer detailed questions about the breach, which affected some 143 million Americans.

“The scope and scale of this breach appears to make it one of the largest on record, and the sensitivity of the information compromised may make it the most costly to taxpayers and consumers,” read the letter by Senator Orrin Hatch, who chairs the Finance Committee, and ranking Democrat Ron Wyden.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
