Tuesday, September 12, 2017

Equifax: Here Is What I Want From You



My credit scores. I want my credit scores. I know you’ll give me a year of free credit monitoring, but I’m pretty sure that is only to try to sell me more stuff. Actually Equifax, you are stingy. When Anthem was breached their victims got two years of free credit monitoring AND a $1 million identity theft insurance policy. When Premera Blue Cross was breached they gave away two years of free credit monitoring. Not one year, but two full years AND I got free access for life to the results of my colonoscopy. Equifax, I just want my credit scores. The hackers get them free, why don’t I?

I decided to find out if I am one of the people impacted by the breach. What I learned was that if I can pick out apartments buildings from a lineup, know my last name, and the last six digits of my social security number then I am probably impacted. The last six of my social security number was tricky. I was able to find correspondence containing the last four digits, so that narrowed it down to a maximum of 100 guesses to get the first two. Lucky for me I got it on the third try or else I may have been locked out and had to ask a hacker for assistance.

So here’s how to find out if you are a victim.

Step 1: Go to https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/ and pick out the website he indicates needs to be used. Do note that you may need to use a computer and a mobile device to verify the results. A tablet probably isn’t a bad idea either. Perhaps try it with iOS, Android, Win 10, and Symbian.

Step 2. Enter my last name and last six of my social security number (I don’t know if yours will work, but mine does, so I can confidently recommend it). Proceed to pick out ugly apartment buildings from a lineup. 




I hate these captchas. I wonder if the hackers had to complete them to get in too.

You can tell if you successfully completed step 1 by the following conspicuous message.




Have a last name?  √
Know or can guess the last six of your social security number?  √
Can pick ugly apartment buildings out of a lineup?  √

Winner!! You are the proud new owner of one glorious year of free credit monitoring!

I have to admit I got a bit queasy when the next screen appeared.



Why am I being asked for this information? Equifax knows all of this information just from my last name, the last six of my social security number, and some pictures of ugly apartment buildings now linked to my IP address. I forgot to check my VPN - it was off. I fear I am being set up. “See Mr. Investigator, he has some of the stolen data and knows which pictures are the ugly apartment buildings. He’s your culprit.” No, I think I will play it safe and appeal to the hacker’s consciences to do the right thing; Use the stolen data for good and sign me up so it doesn’t look like I committed the crime.

You may think that this sounds absurd, but do remember:

1) Equifax is desperate. Their stock tanked, they’re being grilled by congress, some of their executives sold stock at questionable times, and they face multiple lawsuits. Equifax needs a scapegoat like McCarthy needed commies.

2) The name of this blog is, after all, Security Through Absurdity. Sometimes I have to get a bit tongue-in-cheek or even absurd.

Equifax, I don’t care if you are too cheap to give two years of credit monitoring. I don’t care if you don’t give me a million bucks of identity theft protection. I don’t care about lawsuits. All I want is my credit scores. That is the only information that the hackers have that I do not have, and they got it for free.

Collector of free credit monitoring services and free identity theft insurance policies, and connoisseur of ugly apartment building fine art.