Advertisement

Equifax's data breach response has its own security flaw

The PIN code that locks your credit report is easy to guess.

Reporter

Updated Mon, Sep 11, 2017, 3:52 PM·1 min read

Reuters/Dado Ruvic

The Equifax data breach is already unnerving thanks to the sheer scale of sensitive data involved, but it's not helped by the credit reporting agency's initial response. Clients have discovered that the PIN codes Equifax is handing out to help lock your credit report (so a thief can't open a line of credit in your name) are generated by the date and time you made the request. An attacker could determine your code simply through brute force, especially if they have an idea as to when you locked your report.

For its part, Equifax is improving its approach relatively quickly. The company tells Ars Technica that it's moving to a randomized PIN generation system within a day of this writing (no later than September 12th), and that you can always change your existing PIN. We've asked the company for more details as well. However, it's safe to say that the security flaw is more than a little embarrassing for Equifax. Right now, the company is scrambling to limit the damage to 143 million Americans -- the last thing it needs is to create another opportunity for identity theft.

OMG, Equifax security freeze PINs are worse than I thought. If you froze your credit today 2:15pm ET for example, you'd get PIN 0908171415.
— Tony Webster (@webster) September 9, 2017

Engadget
Paramount+ with Showtime annual subscriptions are half off right now
Paramount+ with Showtime annual subscriptions are half off right now. A yearly subscription costs $60 instead of $120.
Engadget
FTX plans to refund defrauded customers with interest
FTX plans to repay most of its creditors in full and with interest as it attempts to escape bankruptcy.
Engadget
Pick up the 9th-gen iPad with two years of AppleCare+ for only $298
Apple's ninth-generation iPad with Applecare+ is 25 percent off the bundle's sticker price.
Engadget
US revokes Intel and Qualcomm's licenses for chip sales to Huawei
The US has stopped Intel and Qualcomm from selling and sending chips to Chinese-based Huawei Technologies.
Engadget
Remedy cancels its multiplayer game project with Tencent
Remedy's and Tencent's gaming project hit a snag last year when they had to go in a different direction. Now, that project has been cancelled completely.
Engadget
The Morning After: Apple's new iPad Pro is thinner than an old iPod nano
The biggest news stories this morning: Google announces the $499 Pixel 8a early, Apple’s M4 chip arrives with a big focus on AI, Nintendo to announce Switch successor before March 2025.
Engadget
Bluesky plans to launch DMs for users
Bluesky should launch a DMs feature in the next couple months, among other updates.
Engadget
OpenAI is reportedly working on a search feature for ChatGPT
According to Bloomberg, the company is currently developing the capability, which can scour the web for answers to your queries and spit out results complete with citations to their sources.
Engadget
The 5 best cordless vacuums for 2024
Cordless vacuums are often lighter and easier to use than standard vacuums. We tested a number of the most popular cordless vacuums today to find the ones that are worth your money.
Engadget
The 2023 Echo Show 8 is on sale for $100 right now
The third-gen, 2023 Echo Show 8 is 33 percent off, bringing it down to just $100 ($50 off), only $10 off its all-time low.
Engadget
The best tablets for 2024
You might want a tablet to be your main portable device, or to replace your laptop entirely. These are the best slabs you can get right now.
Engadget
Meta is testing cross-posting from Instagram to Threads
Meta is testing the ability to cross-post photos from Instagram to Threads.
Engadget
OpenAI partners with People publisher Dotdash Meredith
OpenAI is partnering with another publisher as it moves towards a licensed approach to training materials. Dotdash Meredith, the owner of brands like People and Better Homes & Gardens, will license its content for OpenAI to train ChatGPT.
Engadget
The best Android phones for 2024
If you're looking for a new Android phone, check out our guide to the best handsets on the market from budget to flagship and everything in between.
Engadget
Apple's 2023 iMac drops to a record-low price
Apple's 2023 iMac has dropped to its lowest price to date, but you'll need to be comfortable having just 8GB of RAM.
Engadget
iPad Pro 2024 vs. 2022: What’s changed
Apple updated its top-of-the-line tablets at its Let Loose event today. Our comparison lets you quickly glance at all the changes to the new model — big and small — to help you decide whether it’s worth the upgrade.
Engadget
Meta is expanding its paid verification service for businesses
Meta is expanding its paid verification service for businesses, adding three new tiers to the program that offers extra perks to companies willing to pay a monthly subscription.
Engadget
The Beats Fit Pro wireless earbuds are on sale for $160 right now
The Beats Fit Pro, our top pick for workout and running headphones, is 20 percent off at the minute.
Engadget
You can now buy a Pixel Tablet without a dock for $400, if that’s your bag
Google’s Pixel Tablet is now available standalone without the charging dock for $400. However, we found the charging dock to be one of the best parts of the whole experience.
Engadget
Arkane Austin and Tango Gameworks have been shut down
Microsoft has shuttered three ZeniMax teams: Arkane Austin, Tango Gameworks and Alpha Dog Studios. Roundhouse Games is also seeing changes.