Equifax Pwnage Gets Worse…. Much Worse

The hits keep coming from the saga of Equifax getting pwned in epic fashion. First up is this story that a reader pointed me towards:

Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info that looked like this:

He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he’d see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. 

Wow. Now when the post that I linked to went online, the attacks stopped. So it is possible that Equifax got control of things again. But the fact that this even happened suggests that these clowns have learned nothing from being pwned.

But I’m not done yet. It now seems that as part of the epic pwnage of Equifax 10.9 million U.S. driver’s licenses were stolen: 

10.9 million U.S. driver’s licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers’ records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver’s licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency’s system..

The higher amount of UK customer info that was swiped was something that I told you about yesterday. But the 10.9 million drivers licenses is new. That sort of information could cause havoc for years. I truly feel that we are still just learning how bad this pwnage was and perhaps (though unlikely) not even Equifax truly knows how much they were pwned. And we may never find out for sure. But every detail that does come out shows that this is bad….. And getting worse.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: