• Identity thieves crack major Experian security flaw, access custo

    From TechnologyDaily@1337:1/100 to All on Tue Jan 10 13:45:03 2023
    Identity thieves crack major Experian security flaw, access customer credit reports

    Date:
    Tue, 10 Jan 2023 13:26:48 +0000

    Description:
    Access to Experian reports hacked by tweaking the URL, but they were filled with inaccuracies.

    FULL STORY ======================================================================

    The website of consumer credit reporting giant Experian carried a major privacy vulnerability that allowed hackers to obtain customer credit reports, and all it took was a little identity data, and a little tweak to the address displayed in the URL bar, experts have revealed.

    Cybersecurity researcher Jenya Kushnir discovered the flaw on Telegram, after observing hackers selling stolen reports, and worked with KrebsOnSecurity to investigate it further.

    The idea was simple: if you had the victim's name, address, birthday and Social Security number (all of which might be obtained from a previous incident), you could go to one of the websites offering free credit reports and submit the data to request one. At that point, the website would redirect you to the Experian website, where you'd be required to submit more personally identifiable information, such as answers to questions about previous addresses and the like.

    And here is where the flaw is exploitable. There is no need to answer any of those questions: all you'd need to do at this point is change the address displayed in the URL bar from /acr/oow/ to /acr/report, and you'd be presented with the report.

    While testing the concept, Krebs found that tweaking the address first redirects to /acr/OcwError, but trying the tweak again worked: "Experian's website then immediately displayed my entire credit file," the report states.
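
    The control missing from the flow described above is a server-side check, made on every request, that the identity questions were passed before the report is served. The following is an added example, not Experian's code and not part of the original article; the paths come from the article, while the session fields, function names and sample applicant are assumptions.

```python
# Added illustration: paths mirror the article; everything else is hypothetical.
import secrets

SESSIONS = {}   # session id -> state kept on the server, never in the URL
AUDIT = []      # (session id, event) records for later review

def start_session(applicant):
    """Partner site hands over name/address/DOB/SSN (constructed input here)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"applicant": applicant, "kba_passed": False}
    return sid

def submit_kba(sid, answers_correct):
    """/acr/oow/: record the outcome of the identity questions server-side."""
    SESSIONS[sid]["kba_passed"] = bool(answers_correct)

def report_vulnerable(sid):
    """/acr/report with no gate: reaching the URL is enough."""
    state = SESSIONS.get(sid)
    if state is None:
        return 401, "no session"
    return 200, "credit report for " + state["applicant"]

def report_hardened(sid):
    """/acr/report gated on verification state, checked on every request."""
    state = SESSIONS.get(sid)
    if state is None:
        return 401, "no session"
    if not state["kba_passed"]:
        AUDIT.append((sid, "report requested before verification"))
        return 403, "identity verification not completed"
    return 200, "credit report for " + state["applicant"]

def skipped_step_attempts():
    """Count denied step-skips per session, e.g. to spot repeated retries."""
    counts = {}
    for sid, _event in AUDIT:
        counts[sid] = counts.get(sid, 0) + 1
    return counts

if __name__ == "__main__":
    sid = start_session("Constructed Applicant")
    print(report_vulnerable(sid))   # served without answering anything
    print(report_hardened(sid))     # denied
    print(report_hardened(sid))     # a retry is denied too
    submit_kba(sid, True)
    print(report_hardened(sid))     # served after verification
```

    The audit counter gives a site operator a per-session count of denied attempts to reach the report before verification.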

    The good news (if it can be seen as such) is that Experian's reports are filled with inaccuracies. In the case of Krebs, the report held numerous phone numbers, only one of which was owned by the author, some time in the past.

    Experian remains quiet about the matter, but the problem seems to have been fixed in the meantime. We don't know for how long the flaw was active on the site, or how many reports were fraudulently generated during that time.



    ======================================================================
    Link to news story: https://www.techradar.com/news/identity-thieves-crack-major-experian-security-flaw-access-customer-credit-reports


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)