It's only been a couple months since we found out about the massive Equifax data breach that exposed over 145 million Americans' critical information. Unfortunately, those of us who were impacted by the breach will be dealing with it for the rest of our lives.
That's because our Social Security numbers were stolen, and as you know, we can never replace them. Welp, brace yourself, Equifax has suffered yet ANOTHER security breach.
Has Equifax put your critical data at risk, again?
The Equifax data breach that happened in July is one of the worst of all time. Critical information stolen includes Social Security numbers, dates of birth, home addresses, and some drivers license and credit card numbers. Imagine the chaos a criminal could cause with that information. Scary!
Now, it turns out that Equifax had security vulnerabilities throughout its site for months. That means that multiple hacker groups could have stolen critical data of nearly every American.
Motherboard reported this week that a security researcher discovered a flaw with Equifax last December. The researcher said the vulnerability would allow anyone to access personal information from all consumers in the Equifax database. He said he was able to find full names, Social Security numbers, dates of birth, as well as city and state of residence.
The researcher warned Equifax of the flaw last December. The consumer credit reporting agency didn't patch the vulnerability until June of this year.
The flaw was discovered on a webpage that seemed to be a portal for employees, but anyone on the internet was able to access it. The webpage contained multiple search boxes that allowed anyone to force the site to display the personal information of Equifax's customers. They didn't even need credentials to get to the search page.
The researcher also said that while probing Equifax's servers, he was able to take control of several of them. He also found several servers were running outdated software and vulnerable to simple bugs like an SQL injection.
He told Motherboard, "It should've been fixed the moment it was found. It would have taken them 5 minutes, they could've just taken the site down. In this case, it was just 'please take this site down, make it not public.' That's all they needed to do."
We already knew that Equifax was lax on security, allowing the worst data breach of all time. This news makes it even worse. The fact that the company didn't take the researcher's warning seriously enough to patch the flaw for months is frightening! Can we really trust the company moving forward?
Since there is a greater chance of more data breaches by Equifax now, you need to know how to handle them. Here are safety steps you should take following a massive breach:
Keep an eye on your bank accounts
You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when there is a massive data breach. If you see anything that seems strange, report it immediately. It's the best way to keep your financial accounts safe.
Set up two-factor authentication
Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. This is an extra layer of security that will help keep your accounts safe. Click here to learn how to set up two-factor authentication.
Change your password
Whenever you hear news of a data breach, it's a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well. Read this article to help you create hack-proof passwords.
Beware of phishing scams
Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. You need to familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.
If you haven't completed this one step following the Equifax breach, do it now. It's very critical!
Over 145 million people have been affected by the Equifax data breach, and it keeps getting worse. I've shared critical steps you need to take, but there's one step you may have missed that leaves you wide open to ID theft. Here's how to protect your SSN, and why it's so urgent. If you don't do this now, hackers will.