Dropbox Smeared in Week of Megabreaches (krebsonsecurity.com)
170 points by alanfranz on June 3, 2016 | 41 comments


"CSID, an identity monitoring firm that is in the midst of being acquired by credit bureau giant Experian."

Experian a few months ago had a breach whereby millions of T-Mobile customers, who had no idea that Experian was storing their data, had all of their sensitive data stolen. Experian's "solution" to the problem was to offer those who had their data stolen 2 years of free credit monitoring. Think about that for a moment - "we allowed your sensitive data that you didn't approve of us storing to be compromised, and so we will now offer you a 2 year service after which you will be charged."

That is so completely outrageous, people should be out with pitchforks and torches but you can't fight this stuff, these agencies are far too powerful.

Just to further underscore how outrageous Experian and the other two agencies are - Experian notified people who had their data compromised using snail mail! What kind of decision is that for a time-sensitive situation?!

Lastly, the letter they sent to customers (I read the letter my friend, who was a victim, received) said that the data that was compromised was data they were storing on T-Mobile's behalf, as if they were in no way culpable.

So I guess this is their strategy going forward: to acquire a half-baked and suspect security firm that will damage innocent companies' reputations the same way they themselves have damaged innocent people's credit and identities.

I would urge people to call the three big credit agencies - TransUnion, Experian and Equifax - and request that your credit be "locked." This means that nobody can look at your credit profile, except for people you currently have a line of credit with. You will be issued a PIN, and if and when you need to apply for credit you can then unlock your credit profile and re-lock it afterward. You need to re-up on this every two years, which is insane, as having your credit profile locked should be the default and should be in perpetuity, but you do what you can.


You're getting angry at the second level cascade of absurdity.

The first level is realizing that "Identity theft" is a bullshit cover-your-ass scheme invented by banks and card networks to absolve themselves of responsibility for improperly securing their own systems.

Consumer identities are never "stolen". Maybe a criminal gets to know some numbers associated with you. Then, the fraud protections of a bank are breached by a fraudster. That's a crime between the fraudster and the bank, and it's really a crazy innovation to say the consumer is responsible for the loss in that situation.


There's a comedy sketch from some group that talks about exactly this phenomenon.

"Your identity has been stolen, sir"

"Uh, I don't believe it has. I'm me, and I always have been."

"Well, no, somebody came in and said they were you, and then they took all your money."

"And you believed them? That was foolish. It sounds like this is a bank robbery to me."

"No, no, no. We didn't get robbed. You got robbed. They took your money."

"But you gave it to them, right? Even though they weren't me. This still sounds like your screw up here."

edit: Ah ha, I found it! https://www.youtube.com/watch?v=CS9ptA3Ya9E


This. I can't believe how the media/government has completely bought into the fact that the creditor (bank) failed to do proper due diligence in order to verify who they are extending credit to. And to make it seem like it's the fault of the person being impersonated is absurd. SSN as a password was the single biggest banking failure ever committed, aside from what happened in the 2000s mortgage debacle.


The system runs on abstractions, which it inherently takes for granted as air-tight. Looking from inside the system, the abstraction of "identity" can never appear imperfect. So the observed behavior is described in terms of its internally-seen effects - an identity has been co-opted by a bad actor, ergo it must have been stolen.

I'm not endorsing the mislabeling, just explaining how it came about. Obviously sanity, sustainability, and individual freedom depend on pushing back against that system's prescriptions and "keeping it real".


I was one of the people affected by this. I spent at least an hour trying to figure out if the paper letter I got was even legitimate, as it directed me to go to a domain I'd never heard of to enter personal details.

Eventually, I figured out it was nominally legit, but then I figured out the same organization that leaked my info was asking for more personal info so they could protect me. I opted not to do anything, because I couldn't think of any course of action that would improve the situation, and I certainly wasn't going to voluntarily give Experian any more of my info.


Yes, I also spent time staring (fuming) at the paper letter I got.


> ... letter they sent to customers ...

Experian's customers are not the people who received the letters. Their customers are those doing credit lookups for various reasons, and paying for it. Incentives matter, and Experian (et al) have an incentive to serve their customers, which is why they gather so much information and make it expensive, difficult, and inconvenient for their data subjects to withhold information.

Unfortunately this state of affairs is going to be difficult to fix with regulation (you can bet they'll lobby hard against that).


They are actually prospective customers, as Experian is direct marketing a free trial of their product to the recipient.


> I would urge people to call the three big credit agencies - TransUnion, Experian and Equifax - and request that your credit be "locked." This means that nobody can look at your credit profile, except for people you currently have a line of credit with. You will be issued a PIN, and if and when you need to apply for credit you can then unlock your credit profile and re-lock it afterward. You need to re-up on this every two years, which is insane, as having your credit profile locked should be the default and should be in perpetuity, but you do what you can.

Keep in mind you will be charged for this.

https://www.consumer.ftc.gov/articles/0497-credit-freeze-faq...

> You'll need to supply your name, address, date of birth, Social Security number and other personal information. Fees vary based on where you live, but commonly range from $5 to $10.


If anyone from Experian is reading this, for a low, low fee of $500/year I will refrain from making libelous comments[0]/defaming Experian and its partners. Just remember to re-up after the offer expires!

[0]Libelous comments will come from my "partners", so I can't be held responsible for the accuracy of those claims.

Until then...

Fun Fact: According to an anonymous source, the board of Experian eat children on Fridays.


I see we're both on the same page regarding credit reporting agencies ;) I hold out hope the Consumer Financial Protection Bureau puts the screws to them after they're done with payday lenders.


Is that who is behind that? Why does this agency not have a higher profile?


By locking your credit however you are denying them the future business of selling your credit profile. Think if everyone did it.

But yes, it's completely outrageous - you have to pay someone you didn't approve of having your data in the first place to keep them from giving it to another party you likely didn't approve of having it either.


Actually, freezing your credit does nothing to stop the bureaus from selling, mining, combining or otherwise doing what they want with the data they hold about you.


I agree with you and your implications! Only through our efforts can we push back though.


It must vary by state. Here in Indiana, it is free.


Buried lede imo: TeamViewer having similar issues. Lots of folks claiming it's breached, TV denying it. A lot of potential mischief there, if breached.

https://www.reddit.com/r/technology/comments/4m7ay6/teamview...


I have found no indication that my TeamViewer computers were hacked, but after reading this for a few days I finally disabled TV on them last night and I'm looking for other solutions.

After using TeamViewer for over 5 years, I started getting a handful of invites on the service from random names about a month ago (I had never gotten a single invite prior). That alone signaled to me that something may be amiss. I'm afraid that where there is smoke, there's fire.


Have you considered NoMachine NX? I found it to be more or less comparable in terms of performance and settled on it because I wasn't very keen on the centralized TV model.


Yeah, those invites have been going out for a while now; I've been receiving them for the past 2~3 months. I set up a fresh Windows 7 VM with the intention of seeing what would come of the requests - but none of them ever came online after accepting.


Yesterday's discussion of a possible TeamViewer hack: https://news.ycombinator.com/item?id=11826431


Wow, thanks for this.

I couldn't find anything in that thread so I'll ask here in case anyone knows: is TeamViewer safe if it's NAT'ed with no open ports, or is there an opportunity when it phones home to compromise the machine?


From what I read, someone might have hijacked TeamViewer's DNS records and pointed them at a server they control. People reported logins during the outage, even though they had TFA enabled. I've never heard of using TeamViewer solely on the local network, but even so, with an attack like that they can probably just push an infected update and own you that way.


Troy Hunt wrote an interesting post recently on how he verifies breaches[0].

The amount of fact checking tech "journalists" do means wrong information can really spiral out of control. I wonder if Dropbox can sue?

[0]https://www.troyhunt.com/heres-how-i-verify-data-breaches/


> tech "journalists"

ah, the old cut and paste from one site's article, rearrange some words, grind it through a thesaurus-izer, then repost.


Lifelock should just be regulated out of existence. If a company can add $100 of value per year by pretending to monitor credit reports, the credit bureaus can be instructed that whatever Lifelock is doing is table stakes for a company that is selling evaluations of creditworthiness.


Lifelock was just doing their job (they thought). Also, they offer insurance of up to $1M for damages as a result of ID theft. As long as ID theft continues to be pervasive, we need companies like LL.


So why not require the credit bureaus to spend $1 million when they fail to do what they say they do!

It's called identity theft, but that's just a successful marketing campaign by the lazy banks and credit bureaus. It's fraud, and they (try to) push the consequences off on a party that is not really able to prevent it from happening. We should just tell them they aren't allowed to do that. Then we don't need Lifelock anymore.


What does that $1M actually cover though?

“But if someone takes out a mortgage in your name and now you owe the bank $100k or more – nobody covers that, and that’s what they need to cover.”

http://krebsonsecurity.com/2014/03/are-credit-monitoring-ser...


Usually the banks take responsibility for that as it's their duty to do due diligence (say that six times fast!). I've had my credit card # stolen plenty of times and never been liable.

LifeLock's insurance covers court/lawyer fees/damages, IIRC.


Does Lifelock actually work though? What can they possibly do to keep your data safe? If there is a breach at one of the big three credit reporting agencies and your data is accessed, how does Lifelock help you? They remind me of the same sham commercials there used to be for agencies that "helped you repair your bad credit," which also wasn't and still isn't possible.


I'm starting to think Lifelock would be a better product for consumers if they completely avoided the protection side of the business and just beefed up the insurance side of the business.


I agree. This is more of corporate America passing along externalities they don't like.


One of my free credit monitoring services, which I received as compensation from a previous data leak, alerted me last week that a few email accounts of mine wound up in a dropbox. A few things I noticed:

The alert only says that the "Potential Site" of where the email was compromised is listed as www.dropbox.com .

The option for changing a password in online mail clients is lost in the menu clutter. In Gmail the process is to click Menu Bubble > My Account > Signing in to Gmail > Password. The issue I had is that at the 1st menu level there are options for Google+ Profile, Settings, Privacy, and My Account which all seem like valid places for the Change Password option to live. Each submenu is similarly cluttered, though when I found the correct path it made sense in retrospect.

I can't imagine Grandma changing her Gmail password this way. Maybe Google could replace the "Dvorak Keyboard" menu (Select Input Tool > English Dvorak) with an Update Password button. Is there a simpler process I'm not aware of?


So many people will believe anything a "hacker" says as long as it's bad for them. In general, these 100 million password dumps are almost always complete garbage, but everyone along the way says "better to be safe than sorry" and ignores all the warning signs (in this case, that the file obviously wasn't Dropbox credentials).
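As an added example (not code from the thread, from Krebs, or from Troy Hunt's post), here is a small Python script showing the kind of sanity checks a defender can run on a purported credential dump before treating it as a breach of their own service, along the lines of the breach-verification discussion above: does the file parse, do the secrets look like the hash format the service actually stores, are the e-mail addresses registered on the service, and how much of it overlaps an already-known breach. The sample dump, the user list, the prior-breach list and the thresholds are all constructed placeholders, and the hypothetical service is assumed to store bcrypt hashes.

```python
import re
from collections import Counter

# Constructed sample dump (placeholder data, not from any real breach),
# in the common "email:secret" one-record-per-line shape.
SAMPLE_DUMP = """\
alice@example.com:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
bob@example.com:$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
carol@example.org:hunter2
garbage line without separator
dave@example.net:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
alice@example.com:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
"""

# Constructed: addresses the hypothetical service actually has accounts for,
# and addresses already seen in an earlier, unrelated breach.
KNOWN_USERS = {"alice@example.com", "bob@example.com"}
PRIOR_BREACH = {"alice@example.com", "carol@example.org", "dave@example.net"}

EMAIL_RE = re.compile(r"^[^@\s:]+@[^@\s:]+\.[^@\s:]+$")
HASH_FORMATS = {
    "bcrypt": re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"),
    "sha1_hex": re.compile(r"^[0-9a-f]{40}$"),
    "md5_hex": re.compile(r"^[0-9a-f]{32}$"),
}


def classify_secret(secret):
    """Label the secret field by the hash format it resembles."""
    for name, pattern in HASH_FORMATS.items():
        if pattern.match(secret):
            return name
    return "plaintext_or_unknown"


def parse_dump(text):
    """Split 'email:secret' lines; count lines that do not fit that shape."""
    records, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        email, sep, secret = line.partition(":")
        if not sep or not secret or not EMAIL_RE.match(email):
            malformed += 1
            continue
        records.append((email.lower(), secret))
    return records, malformed


def assess_dump(text, expected_format, known_users, prior_breach):
    """Compute the plausibility signals for a purported dump."""
    records, malformed = parse_dump(text)
    emails = [email for email, _ in records]
    unique = set(emails)
    formats = Counter(classify_secret(secret) for _, secret in records)
    n_rec, n_unique = len(records), len(unique)
    return {
        "lines": n_rec + malformed,
        "malformed": malformed,
        "unique_emails": n_unique,
        "duplicate_rows": n_rec - n_unique,
        "formats": dict(formats),
        # Share of secrets in the format this service is known to store.
        "format_match_ratio": formats[expected_format] / n_rec if n_rec else 0.0,
        # Share of addresses that really have an account on the service.
        "registered_ratio": len(unique & known_users) / n_unique if n_unique else 0.0,
        # Share already present in an older breach (a recycled-dump signal).
        "prior_breach_overlap": len(unique & prior_breach) / n_unique if n_unique else 0.0,
    }


def verdict(report, min_format=0.9, min_registered=0.8, max_prior=0.5):
    """Return ('plausible' | 'suspect', reasons). Thresholds are illustrative."""
    reasons = []
    if report["format_match_ratio"] < min_format:
        reasons.append("secrets do not match the service's hash format")
    if report["registered_ratio"] < min_registered:
        reasons.append("most addresses are not registered users")
    if report["prior_breach_overlap"] > max_prior:
        reasons.append("heavy overlap with an already-known breach")
    return ("suspect" if reasons else "plausible"), reasons


if __name__ == "__main__":
    report = assess_dump(SAMPLE_DUMP, "bcrypt", KNOWN_USERS, PRIOR_BREACH)
    for key, value in report.items():
        print(f"{key}: {value}")
    print(verdict(report))
```

On the constructed sample the script flags the file as suspect on all three counts: most secrets are SHA-1 hex rather than the bcrypt the service stores, only half the addresses belong to real accounts, and three quarters of them already appeared in the older breach. A real verification would use the service's own user table and a larger, more representative sample rather than these placeholder sets.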


Strangely enough, my Dropbox client just asked me for a password for the first time in... ages.

Says it's version 5.3.19.


I wonder if this file with the tumblr passwords was placed in an unprotected shared dropbox folder. Thus, although the actual passwords were from tumblr, the passwords were downloaded by "worm" via a dropbox "breach".


Very irresponsible behavior.


Agreed. This happened to them before, I believe. Besides Dropbox, I heard other companies like LinkedIn were recently hacked and thousands of users' passwords were leaked. I guess it's safe to say in this day and age you can never be sure sometimes.


And they want in to your kernel...



