Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords.
The Equifax security breach just keeps getting worse. At the end of the day this sad situation proves a point I have been pressing for years now. You can not trust others with your digital security. You must take security very seriously. The first thing everyone should do is – take passwords seriously, very seriously.
Think about this, would you leave your wallet or your purse on a table – all alone – in a public place? Of course you would not. Your passwords are even more important then this.
My reccomendation is to find a password manager, like LastPass and take some time setting up unique, encrypted passwords for each of your accounts. This is not as difficult or as expensive as it sounds. You can learn more about LastPass here.
OK – lets get back to the lastest disaster that is Equifax.
One month after news came out about a massive breach at Equifax, the credit bureau is still struggling with the fallout. The latest blow arrived yesterday when an independent security researcher reported discovering that links on the Equifax Web site were attempting to redirect him to a malicious URL.
In a blog post last week, analyst Randy Abrams said that he visited the Equifax site to check and see whether false information from another credit bureau had made its way into his credit report on Equifax. When he tried to access his personal information, he said he was redirected to a site with a fake Flash Player update screen. In a tweet yesterday, Abrams said it appeared that the issue might indicate Equifax’ Web site had been breached again.
Equifax revealed in early September that its systems had been compromised sometime between May and July, causing sensitive personal data for around 143 million Americans, as well as a number of Canadian and British citizens, to be exposed. Early this month, the company increased its estimate of the number of U.S. victims by 2.5 million. The U.K.’s National Cyber Security Centre reported earlier this week that nearly 700,000 Britons might have been affected by the breach.
Abrams noted on his blog that he “just sort of tripped over” the latest problem at Equifax’ Web site while trying to view his credit information. The appearance of a Flash update site was an immediate red flag, according to Abrams.
“Seriously folks, Equifax has enough on their plate trying to update Apache,” he said. “They are not going to help you update Flash. I know that nobody is surprised at my find, but watching Equifax is getting to be like watching a video of United Airlines ‘deplaning’ a passenger . . . It hurts.”
The fake Flash download links appeared during at least four separate visits Abrams made to the Equifax site, according to a report today in Ars Technica. An analysis by the German IT firm Payload Security gave the malicious file that attempted to load a threat score of 96 out of a possible 100.
Meanwhile, U.S.-based security writer Brian Krebs has pointed out that the Equifax breach could expose not only people’s names, Social Security numbers, and birth dates, but also details about their salary and employment histories. Krebs also criticized the Web site that Equifax created to keep people informed about the issue.