“Given that Experian doesn’t support two-factor authentication of any kind - and that I don’t know how they were able to get access to my account in the first place - I’ve felt very helpless ever since.”Īrthur Rishi is a musician and co-executive director of the Boston Landmarks Orchestra. “The most frustrating part of this whole thing is that I received multiple ‘here’s your login information’ emails later that I attributed to the original attackers coming back and attempting to use the ‘forgot email/username’ flow, likely using my SSN and DOB, but it didn’t go to their email that they were expecting,” Turner said. But now he’s wondering what else he could do to prevent another account compromise. Turner said he was able to regain control over his Experian account by creating a new account. “At that point, the representative read me the current stored security questions and PIN, and they were definitely not things I would have used.” “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. But the PIN and secret questions had already been changed by whoever re-signed up as him at Experian. Experian’s password reset process was useless at that point because any password reset links would be sent to the new (impostor’s) email address.Īn Experian support person Turner reached via phone after a lengthy hold time asked for his Social Security Number (SSN) and date of birth, as well as his account PIN and answers to his secret questions. Turner said that in early June 2022 he received an email from Experian saying the email address on his account had been changed. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account. John Turner is a software engineer based in Salt Lake City. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Twice in the past month KrebsOnSecurity has heard from readers who had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |