THE WEBSITE that Equifax is advising customers to visit to check whether they've been impacted by the recent breach on its systems is "completely broken" and returning random results for concerned Americans.
Not only is the site being flagged by various browsers as a phishing threat, but it's also returning random results. Some users, for example, are being told they haven't been affected by the mega-hack, only for the website to throw up a different answer if they check from a different device.
What's more, Krebs has confirmed that entering gibberish information - such as '123456' - produced the same result as the one he saw when he entered his real information.
"I cannot recall a previous data breach in which the breached company's public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax," Krebs said.
News of the hack on Equifax broke last week, with the credit report outfit admitting that the breach exposed the social security numbers and other personal details of about 143 million Americans, or 44 per cent of the country's population.
The Atlanta-based company said on Thursday that "criminals" had exploited a website application vulnerability to access files between mid-May and July of this year. Ondrej Vlcek, CTO and general manager at security outfit Avast, speculates that the attackers used a SQL injection flaw to gain access.
Information accessed includes names, Social Security numbers, birth dates, addresses and some driver's license numbers, all of which can be used by the attackers to hijack the identities of people whose credentials were stolen.
Credit card numbers belonging to approximately 209,000 US consumers were also accessed, as were dispute documents with "personal identifying information" for about 182,000 people.
Equifax says that the hackers also gained unauthorised access to "limited personal information" of some UK and Canadian residents, but has yet to give further details.
"Equifax will work with UK and Canadian regulators to determine appropriate next steps," the company said, somewhat vaguely.
Richard Smith, chief executive of Equifax, said that the breach - which is one of the largest ever reported in the US - was, er, "disappointing."
"This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," he said.
"We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.
"We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all US consumers, regardless of whether they were impacted by this incident."
Equifax is offering customers free credit monitoring using its own breached service, but this move has been slammed by security experts.
Vlcek says that, rather than taking advantage of Equifax's offer, consumers should "consider looking into a credit freeze that will stop hackers from using your identity to accrue debt" and "closely monitor all email, social, credit card and bank accounts closely for suspicious activities."
As if news of the hack wasn't bad enough, Bloomberg reports that three Equifax executives sold company shares worth $1.8 million after the breach was discovered by the company on 29 July.
The company claims that they "had no knowledge that an intrusion had occurred at the time they sold their shares."
This isn't the first time Equifax has been involved in a serious data breach. In 2013, the company confirmed that the personal details of famous people - including US Vice President Joe Biden, FBI Director Robert Mueller and, er, rap star Jay Z - were exposed on annualcreditreport.com, a site that allows consumers to monitor their credit reports. µ