AnnualCreditReport.com Compromised

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
If you are any one of over 200 million Americans who have used the free AnnualCreditReport.com site to check your credit report, your personal information may have been compromised by hackers. This fact was finally revealed and confirmed this week by the three credit bureaus that jointly operate the free site.

The statement did not identify which credit reports had been accessed through the website or explain why more than four reports had been published on the website. TransUnion and Experian also confirmed unauthorized persons had managed to access the credit report data.
Click to expand...
 
Confirmed this week? So that means they were hacked prior to this week?
 
The irony!

Your credit report goes south because you use a website to check your credit report.
 
/facepalm

They had better individually notify everyone that has had their information compromised and offer more free credit reports to watch for the likely repercussions.
 
Game Master 128 said:
/facepalm

They had better individually notify everyone that has had their information compromised and offer more free credit reports to watch for the likely repercussions.
Click to expand...

Well this is BS.......

We guard your privacy.

Please be aware of how you arrived at this site. To ensure that you are visiting the legitimate site, type https://www.annualcreditreport.com directly into the address bar on your browser. You will never receive an email directly from the Annual Credit Report Request Service.
For further information please read the Security Policy.
Click to expand...
 
Let's see, it is "Norton secured"...

Sponsored by the three credit big dogs, equifax, experian, and trans union.

Which means, they will all now sell people "protection" for your information that they mishandled so badly.

Idiots.
 
Hmm, can't seem to be able to edit the post... in any case:

Fight identity theft by monitoring and reviewing your credit report.
Click to expand...

Now they have to say, but, don't do it using this site, since we have been compromised!
 
Shit, I just got my credit report from there last month, after not using it for years. Way to go, guys.
 
Why does anyone use that? Is it the default online reporting company or something? I just go to the actual credit companies and request a free report be sent to me. Of course, I usually only pull one at a time, then when I need to check again I pull another, unless all 3 are done for the year. Nothing really changes from year to year unless you can't pay your bills.
 
It wasn't "hacked" or "compromised".

http://redtape.nbcnews.com/_news/20...-data-from-annualcreditreportcom-equifax-says

"TransUnion’s systems were not hacked or compromised in any way," the firm said in a statement to CNBC. "The sophisticated perpetrators of these fraudulent activities had considerable amounts of information about the victims, including Social Security numbers and other sensitive, personal identifying information that enabled them to successfully impersonate the victims over the Internet in order to illegally and fraudulently access their credit reports. TransUnion is taking steps to assist the individuals affected to help minimize any potential impact. We are conducting our own internal investigation and working closely with law enforcement."
Click to expand...
 
I read the article but didn't see anything on what to do if you're one of those people who've used that service.


Fuck
 
martinmsj said:
I read the article but didn't see anything on what to do if you're one of those people who've used that service.


Fuck
Click to expand...

Nothing. They didn't "hack" or "compromise" the website. They were able to obtain the credit reports of a few people because they already had the personal information about them (such as SSN) required to obtain the credit reports.
 
:rolleyes:
damicatz said:
It wasn't "hacked" or "compromised".


"TransUnion’s systems were not hacked or compromised in any way," the firm said in a statement to CNBC. "The sophisticated perpetrators of these fraudulent activities had considerable amounts of information about the victims, including Social Security numbers and other sensitive, personal identifying information that enabled them to successfully impersonate the victims over the Internet in order to illegally and fraudulently access their credit reports. TransUnion is taking steps to assist the individuals affected to help minimize any potential impact. We are conducting our own internal investigation and working closely with law enforcement."
Click to expand...
Click to expand...

Mass hysteria created by a mainstream media who has no idea what hacking really is.

No need to worry guys. The site was not hacked. It was compromised by people who already had the pertinent information required to fraudulently generate credit reports.

These are the same people who think it is hacking when I guess you password because it is your dogs name :rolleyes:
 
This is how the website with Obama and Gore and other celebs got that information
leaked out.

They had information from public records, and since the 3 sites operate off the same basic
questions for security, you can guess wrong on one, and eventually you can generate enough
information from guesses to circumvent the system.
 
Phew. The posts here are so much clearer than what the thread title or the actual article is. I was worried sick for a minute but thanks to the posts here it appears the average Joes and Janes have nothing to worry about...yet.

I just have to roll my eyes again at the sensationalist headlines again. Creating hysteria and panic all for page views and ultimately money.
 
awww fuck. I was going to ask them to wipe out my loans and give me an 850 fico score.
 
Why go through a third party to get your reports anyway?

I contact the reporting agencies directly for them.
 
For people who never use the service, you're in the same boat as people who have.

Consumers who hear that AnnualCreditReport.com has been compromised might be dissuaded from using the site in the future, and perhaps paying another third-party firm for their credit reports. Doing so would not enhance their security, however. The data available at AnnualCreditReport.com could be accessed by criminals, even if the consumer never asks for it.
Click to expand...
 
jpm100 said:
For people who never use the service, you're in the same boat as people who have.
Click to expand...

Yes, if someone knows your SSN, your residences (current and previous), what kinds of cars you own as well as any loans you may or may not have, then they can get a credit report.
 
damicatz said:
Yes, if someone knows your SSN, your residences (current and previous), what kinds of cars you own as well as any loans you may or may not have, then they can get a credit report.
Click to expand...

I guess you missed the part about much of the stuff being asked is in a multiple choice format allowing them the iteratively guess their way through much of it. As for the rest, do you really think your HR file, which has nifty details like SSN, addresses, etc. is secure from a worker trying to make a buck. Or your doctor's office or emergency room visit? Or college? All those guys have kept your SSN & Addresses perfectly secure?
 
BBA said:
Why does anyone use that? Is it the default online reporting company or something? I just go to the actual credit companies and request a free report be sent to me. Of course, I usually only pull one at a time, then when I need to check again I pull another, unless all 3 are done for the year. Nothing really changes from year to year unless you can't pay your bills.
Click to expand...

Because if you go to say, for instance, Experian and request your annual free credit report it redirects you to AnnualCreditReport.com.
 
damicatz said:
Yes, if someone knows your SSN, your residences (current and previous), what kinds of cars you own as well as any loans you may or may not have, then they can get a credit report.
Click to expand...

Not easier than you think. They would have to know your entire credit history, where you've lived (not current ones), what loaning institutions you've used for college, etc. Only the people who know that intimately is the person themselves. Have you actually done the free credit check? Doesn't sound like it.

Now a little note for the people. Most people get all the free credit agencies at once. There's 12 months in a year so people should always check with 1 credit agency at a time per 4 months. So that way you can keep on top of your status every 4 months instead of yearly.
 
Kaitian said:
Not easier than you think. They would have to know your entire credit history, where you've lived (not current ones), what loaning institutions you've used for college, etc. Only the people who know that intimately is the person themselves. Have you actually done the free credit check? Doesn't sound like it.

Now a little note for the people. Most people get all the free credit agencies at once. There's 12 months in a year so people should always check with 1 credit agency at a time per 4 months. So that way you can keep on top of your status every 4 months instead of yearly.
Click to expand...

It's easier than you think. Anytime I lend my friends my money I always take a look at their credit report. Knowing basic info on them lets me guess the answers. It's multiple choice anyway. And I only had a social security number once (my best friend, so he trusts me).

There's also multiple places to get a free credit report. With (credit karma) or without a social security number (quizzle). Letting you guess multiple times.

Infact to be honest, none of these online places should be trusted if they need your social. Quizzle is doing it right. SSN is not even required to have a credit file. Negatives can also appear on your credit file when the companies don't even have your social.

These same credit bureaus exist in other countries (UK, Canada, etc) and so they have plenty of experience in tracking people without SSNs.

Anyway. Fact is, credit is not secure the way it's done now.

You can go to a Target and some high school kid working there gets paid extra if he gets you to apply for credit. From an application that person can have all the needed info to access your credit file* and even change the address on your current card. Think about it. The app contains your SSN, Name, Address, Mother's Maiden Name, sometimes even previous address. It seems we trust far too many people with our information. Not that we always have a choice though.

*If your credit file is long and complex then there's less of a chance at guessing it. But there's 3 different main bureaus and a number of other websites that use them. Giving you plenty of guesses.

Work at some place that gets you access to customer info. Look through their credit file to see who has the best one. Why the best one? Biggest chance of being approved without extra verification and also gets you the highest credit limit .Do what you want with it and not get caught. It's being done :).

PS: Anytime you apply and get denied you can get a free credit report from the bureaus themselves. You apply for a credit increase and don't get one? Free credit report. Denied for a card, car loan, house loan? Free credit report.
 
No. It's not easier than you're trying to state. My point was that they ask you extremely difficult questions to bypass before proceeding on. Just because you loan your friend their money is because you have a connection with them. The issue is over the whole White House / celebrity leaks which was done via social engineering through the fault of the company itself. Now trying to bypass the website part? That's a good trick.

"What financial institution gave you college money?" for example
And the list of answers would be extremely difficult since there isn't really any common differences.

They ask you 5 questions or more which all of which are difficult to answer and the odds of getting 5 in a row is tricky. Oh even if you screw up, they ask an entire different set of questions even increasing the difficulty. Fuck it up too many times, you have to call and answer a set of questions that also have details over your life.
 
damicatz said:
Yes, if someone knows your SSN, your residences (current and previous), what kinds of cars you own as well as any loans you may or may not have, then they can get a credit report.
Click to expand...


landlords usually have access to that kind of information. If that shit gets into the wrong hands, e.g if they don't shred papers, then it gets ugly
 
Kaitian said:
No. It's not easier than you're trying to state. My point was that they ask you extremely difficult questions to bypass before proceeding on. Just because you loan your friend their money is because you have a connection with them. The issue is over the whole White House / celebrity leaks which was done via social engineering through the fault of the company itself. Now trying to bypass the website part? That's a good trick.

"What financial institution gave you college money?" for example
And the list of answers would be extremely difficult since there isn't really any common differences.

They ask you 5 questions or more which all of which are difficult to answer and the odds of getting 5 in a row is tricky. Oh even if you screw up, they ask an entire different set of questions even increasing the difficulty. Fuck it up too many times, you have to call and answer a set of questions that also have details over your life.
Click to expand...

Yup. I tried to get mine and couldn't through all 3 agencies. They asked me questions that were completely wrong. One of them basically asked if I took out a car loan in 2102, then the next question was how much is the monthly payment. They also said I had a mortgage loan taken out in a year in which I know I didn't take one, then proceeded to ask me how much it was for. None of those questions were right for me so I answered "None of the Above'. Of course that was all wrong and I wasn't allowed to get it.

The scary thing is, is that now I get to try and get in touch with all 3 to see WTH they have on me b/c some of those questions scare me as to what might actually be on my credit report then. And I know they will make it next to impossible to communicate with them about it too. These credit agencies are bullshit. They get paid to keep records, then don't keep customer service who will answer questions on these potentially life altering services.
 
Kaitian said:
No. It's not easier than you're trying to state. My point was that they ask you extremely difficult questions to bypass before proceeding on. Just because you loan your friend their money is because you have a connection with them. The issue is over the whole White House / celebrity leaks which was done via social engineering through the fault of the company itself. Now trying to bypass the website part? That's a good trick.

"What financial institution gave you college money?" for example
And the list of answers would be extremely difficult since there isn't really any common differences.

They ask you 5 questions or more which all of which are difficult to answer and the odds of getting 5 in a row is tricky. Oh even if you screw up, they ask an entire different set of questions even increasing the difficulty. Fuck it up too many times, you have to call and answer a set of questions that also have details over your life.
Click to expand...
Except they can brute force it and track the answers. And I'm guessing if they try too many times, the requirement to phone in resets after a certain amount of time passes.

The whole point the article is that the protection scheme was penetrated.
 
You must log in or register to reply here.
Back
Top