Notified Experian on Dec. 23 that their site was allowing anyone to see the credit report for, well, basically anyone, completely bypassing their lame 4-5 multiple guess questions and other security.

Or even in cases (like mine) where trying to get your credit report generates an error saying you have 3 other options for getting your free report from them (calling, mailing, or chat w/ rep). The site said Experian didn't have enough info to validate my identity, but when I changed the url slightly, it showed me my entire report. Glad I checked, too, because the info in there is so completely wrong I don't even know where to start.

So it's Dec. 27, and I still haven't heard anything from Experian. All you needed was the person's name, address, SSN and DOB. This info has been exposed on pretty much most Americans for many years now.

BTW, I checked this with several friends who volunteered to check their own reports, and they were able to fully replicate what I did.

It's bad enough that we can't stop companies like Experian from making $2B a quarter collecting and selling our info, but there has to be some real accountability. And as we saw with the Equifax settlement, class-actions and more laughable "credit monitoring" services aren't going to cut it.

Experian has shown this year especially that it gives exactly zero fscks about securing access to the data that drives its entire business.

https://krebsonsecurity.com/2022/08/class-action-targets-experian-over-account-security/

https://krebsonsecurity.com/2022/07/experian-you-have-some-explaining-to-do/

https://krebsonsecurity.com/2021/04/experian-api-exposed-credit-scores-of-most-americans/


@briankrebs That last sentence sums it up pretty well, I think.
@briankrebs imagine a world without credit bureaus like pre 1990 how did people even buy homes omg

@hammancheez @briankrebs

IIRC, in the UK my parents had to go to their bank and prove they had enough income/savings to get a mortgage.

If you were a temp, then you usually didn't qualify for a mortgage, even if you annually made the same as a perm. Banks prefer steady income.

You were at the mercy of your bank either way!

Credit ratings may be rubbish but they do seem to offer easier access to short term loans.

@hammancheez @briankrebs You had to go to a local bank and beg for a loan (if you were white) or buy using private non bank lenders (everyone else).
And even now credit scores are not a shield against bad loans or fraud, as we see here.
@hammancheez @briankrebs Well, for starters, they were probably white. 👎🏽

@hammancheez @briankrebs On local reputation, I believe. And vibes.

There are many problems with credit bureaus, but it wasn't a picnic before them either.

(No, I don't know what the solution is.)

@briankrebs Well put Brian!
Also stop re-editing, my autistic self has to clear the notifications every time one pops up XD

@briankrebs I find 'boost your credit score' a nice (worrying) touch. Basically share your bank transaction data with Experian that they then sell on, which rather than improve your credit rating, could actually reduce it and also expose you to purchase / spending, lending and also insurance prejudice.

What a world we live in.

@briankrebs So, if they make money selling the information, and all the information is available to anyone, for free, it seems that someone ought to be able to do some arbitrage here.
@briankrebs These companies are apparently too big to have humans with whom we can communicate, and that’s becoming more and more of an issue everywhere.
@briankrebs it is fucking exhausting that we are always at a constant disadvantage, getting-fucked-nonstop-itis, on behalf of all the rich upper classes. even shithole companies like experian I'm sure are somehow related to the <truly> elite, though itself small potatoes. it's sad that investigative journalists are this necessary for us normal folks. hard to have hope. thank you, @briankrebs, for all your hard work and diligence

@briankrebs credit monitors should be forced to stay 100 miles away from data brokers

and yet that’s our reality (Experian will never suddenly grow a data conscience; congress must force it)

@briankrebs perhaps we should begin sending our Congresspeople their credit reports and see how they feel about it.
@bransonturner @briankrebs I wouldn't recommend that. It's easier for a congressional representative to ask police or FBI/secret service to persecute you than it is to get them to improve regulations on the credit bureaus.
@briankrebs Experian is one of the companies jostling for position for mandatory age gating of websites in the UK. It's something I'm planning to cover in some toots in the coming days. #onlinesafetybill
@briankrebs I frequently check my credit with all 3 bureaus. All 3 are worthless, but it seems like #Experian is usually the worst when it comes to accuracy.
@briankrebs they manufacture the American caste system. How much have Jared and Trump borrowed with fake or no collateral?
@briankrebs I have my account on a freeze. I believe this stops companies from being able to get credit info on me and therefore stops the credit company from making money on my credit info. We should all do this. I personally don't like the credit reporting agencies.

@briankrebs

That explains why I received one a few years ago via snail mail that I never requested.

@briankrebs sorry, not to stick up for Experian, I don’t disagree with the rest of your diatribe, but you’re saying all you need is every piece of the most private information a U.S. citizen possesses and then you can view their credit report? What am I missing here? Isn’t that the same information every credit agency or bank asks for when signing up for an account? If you have all of that information, your credit report is probably the least of your problems.
@briankrebs here’s another problem… (not sure this is an issue with all banks) but a certain bank when you request to change your password asks for your last name, ssn, and dob, of which is available everywhere due to hacks/breaches.
@briankrebs Sue Experian for everything they've got.
@briankrebs I wanted to re-check this against my own info - can someone share a link to the script?
@briankrebs
It’s definitely a racket! They’ve been assigned the only place to store all your most private information. Seems like there’s no oversight - no competition- no audits to publicly validate their security procedures…………..
@briankrebs hmm maybe they didn’t respond yet because of the holiday
@briankrebs Experian was claiming someone was trying to set up a new account in my name, but I couldn't find any unusual activity anywhere. Good to know it might be Experian that has issues...
@briankrebs Honestly the whole credit report system is a scam. I love that they offer a subscription to make sure your data is accurate and not stolen. But isn’t that their fucking job? So you pay them to make sure the data is safe and accurate. Banks pay them for accurate and reliable data. So what value are they adding?? #Experian #CreditAgency
@briankrebs From what I can tell, it looks like they gave up on EI3PA, and I guess it shows.

@briankrebs

Credit rating reports being correct and protected against unauthorized views must be part of consumer protection.

Therefore a complaint should be deposed with the Consumer Financial Protection Bureau against the credit rating agencies.

https://www.consumerfinance.gov/

@briankrebs @Chronotope Experian also does not support 2FA.

@briankrebs let's not forget just a month ago they also didn't give a fuck exposing the last 4 SSN of all consumers with name and dob

https://www.cyber.nj.gov/alerts-advisories/exploitation-of-kbv-tool-used-by-experian-other-organizations-could-expose-partial-ssns