Experian allows users to undo a credit freeze just by knowing a handful of breachable facts

Experian allows users to undo a credit freeze just by knowing a handful of breachable facts

7 years ago
Anonymous $wKBR2uNMvM

https://www.theverge.com/2017/9/21/16345422/experian-credit-freeze-equifax-breach-vulnerable

Experian's online PIN-recovery system could let attackers undo a credit freeze just by figuring a few easy facts. In the weeks following the Equifax breach, consumers have been told to freeze their credit, thereby blocking possible attackers from opening new lines of credit under their names. It makes sense as a defense strategy, but as cybersecurity reporter Brian Krebs reports today, the protections around those freezes are easy to subvert.

Experian makes it easy to undo a credit freeze, resetting a subject's PIN through an easily accessible account recovery page. That page only asks for a person’s name, address, date of birth, and Social Security number when someone wants to retrieve their credit freeze PIN. All that data was compromised in the Equifax breach, as well as other breaches, so we can probably assume hackers possess this information.