Identity Thieves Bypassed Experian Security to View Credit Reports

Source

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number. The vulnerability in Experian’s website was exploitable after one applied to see their credit file via annualcreditreport.com. In December, KrebsOnSecurity [...]