Equifax accidentally links to impostor Equifax website after breach

Equifax has linked to an impostor website on its Twitter account multiple times since Sept. 9, according to CNN.

The impostor website referenced a recent cybersecurity incident at Equifax that affected 143 million consumers.

The Atlanta-based consumer credit reporting agency discovered July 29 cybercriminals gained access to its files through a website application vulnerability, potentially exposing customer financial data including names, Social Security numbers and dates of birth, among other information.

Equifax addressed customer service inquiries and complaints about the incident through its Twitter account. However, in replies to customers seeking more information, it accidentally linked some tweets to securityequifax2017.com. The company's real response website is equifaxsecurity2017.com.

Nick Sweeting, a software engineer, created the impostor website within hours of the initial breach to illustrate how easy it is to impersonate the company's website. He told CNN his goal is to encourage Equifax to move the response website to the company's more secure domain.

Equifax did not respond to CNN's request for comment. The company's tweets linking to the impostor website have since been deleted.

More articles on cybersecurity:
59% of hackers agree phishing is most effective way to extract data, survey finds
Merriam-Webster adds 'ransomware,' 'Internet of Things' to dictionary
69% of IT security pros say threat intelligence is too complex for actionable insights: 5 survey insights

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months