go to sections menu

Cleanup on Isle 1! Really Experian? You still can sign up and take one’s account over? from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary , musings > Cleanup on Isle 1! Really Experian? You still can sign up and take one’s account over?

Go to Homepage, contents or to navigation menu



Cleanup on Isle 1! Really Experian? You still can sign up and take one’s account over?

Experian,

I don’t know what to continue to say about your service. While I’ve not been on Mastodon much due to other things going on, I do know that I still read.

I read the article that Brian recently released titled It’s Still Easy for Anyone to Become You at Experian and I’m just at a loss for words.

One major highlight is that I can sign up for an account, using someone’s email address, my info, and no email is ever sent to that person saying that their info is set.

While I read on Mastodon that an SMS is sent to do the verification by link, you can skip that and do it on the computer and nobody ever knows.

Remember that this company suffered a data breach, and this is their security?

That last article, its leading to an article where they apparaently didn’t learn anything and they still haven’t learned anything.

When Equifax had their issues, they used Experian to assist. What?

blog post

I really didn’t go off on that, because I didn’t really know what to think about that ordeal.

Brian writes:

A request for my Experian account username required my full Social Security number and date of birth, after which the website displayed portions of an email address I never authorized and did not recognize (the full address was redacted by Experian).

Why the hell did they allow someone to take Brian’s account over? Brian had to take it back by resigning up? What? Is this not security 101?

He continues:

I immediately suspected that Experian was still allowing anyone to recreate their credit file account using the same personal information but a different email address, a major authentication failure that was explored in last year’s story, Experian, You Have Some Explaining to Do. So once again I sought to re-register as myself at Experian.

Can I just ask a question? Now Brian has lots of experience with this, and I am not questioning his article, but why would I use such a service that allows someone to use my email address to sign up and then give them their info instead of mine? Most services will not allow one to sign up with an email that belonged to someone’s account already. This is fucking discusting, I should say.

Skipping Brian’s experience, he writes:

In contrast, if you try to modify an existing account at either of the other two major consumer credit reporting bureaus — Equifax or TransUnion — they will ask you to enter a code sent to the email address or phone number on file before any changes can be made.

Of course they don’t comment when confronted with this, as the next paragraph says:

Reached for comment, Experian declined to share the full email address that was added without authorization to my credit file.

My question still asks why they allow this to begin with.

Anderson said all consumers have the option to activate a multi-factor authentication method that’s requested each time they log in to their account. But what good is multi-factor authentication if someone can simply recreate your account with a new phone number and email address?

So they say you should use two-factor, yet it doesn’t prevent shit like this?

Brian goes in to mastodon experiences and other links, so we’ll stop here. But I could see signing up for an account, but I honestly don’t see the point if Experian is fucking lackadaisical at best.

Please read Brian’s full report, this I think is beyond repair. How much more aweful can it get?

The boards await you. There’s plenty more in the article.


Informazioni sull'articolo

Cleanup on Isle 1! Really Experian? You still can sign up and take one’s account over? was released on November 20, 2023 at 5:30 am by tech in article commentary,musings.
Last modified: November 18, 2023.


Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu


navigation menu

go to sections menu