A new-found vulnerability could let hackers spoof Equifax’s credit-monitoring site and siphon off personal information.
Getty ImagesEquifax’s hack headache appears to be getting worse.
A site Equifax set up to help worried consumers create alerts and freeze accounts after the credit-monitoring firm revealed a massive data breach is also vulnerable to hack, ZDNet reported Monday. The reported vulnerability comes as the company grapples with the aftershocks of a massive hack that exposed sensitive financial information for as many as 143 million Americans.
A cross-site scripting vulnerability could allow hackers to spoof the site via a malicious link and then siphon off any personal information visitors submit, the CNET sister site reported. Hackers could insert the malicious code in Equifax’s web address, tricking the browser into treating the site as secure and displaying the “lock” icon in the browser window, ZDNet reported.
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.
The alleged vulnerability is the latest to dog the company, which revealed Thursday that hackers made off with a treasure trove of financial data from as many as 143 million people in the US, including names, Social Security numbers, birth dates and addresses of customers. Equifax learned about the breach on July 29 but didn’t reveal it for more than a month.
Earlier Monday, a pair of prominent US senators sent Equifax CEO Rick Smith a list of detailed questions about the hack, such as what the timeline for the security breach was and when the company became aware of it. Sen. Orrin Hatch, chair of the senate Finance Committee, and Ron Wyden, a ranking committee member, also asked for information about when authorities and board members were informed of the hack, including three executives who sold shares in the days after the hack was discovered.
Equifax didn’t immediately respond to a request for comment.
Solving for XX: The industry seeks to overcome outdated ideas about “women in tech.”
Special Reports: All of CNET’s most in-depth features in one easy spot.
