1. Yesterday, an as-of-yet still unknown “hacker” released the private information of more than a dozen celebrities, leaking their phone numbers, mortgages, and Social Security numbers online.
2. To call this a hack, though, isn’t quite right. It’s actually a fairly straightforward process.
4. New York City’s system, known as ACRIS, prompts you for a name and a set of dates to search for documents within. Nothing more than what you could find on Wikipedia.
5. Here’s the ACRIS directory of properties associated with the name Michael R. Bloomberg, registered after January 1, 2002 (when he was elected mayor).
6. With enough searching through these kinds of documents you can grab almost everything you need for a “credit hack.”
7. Annualcreditreport.com is a site that’s been involved with a few of these “credit hacks.”
8. The site requires only cursory biographical information and a social security number. An early mortgage might include a Social Security number, and you already have a list of previous addresses.
9. Equifax, a data security company associated with Annualcreditreport.com, released a statement Tuesday confirming that someone did breach their records:
“At Equifax, data security is paramount and we have stringent security measures in place for protecting the data entrusted to us.
Equifax enables consumers to access their credit reports through a variety of channels, including annualcreditreport.com which is a free service. In order for a consumer to have access to their credit report through this channel, they must provide Personally Identifiable Information (PII) that should be known only to the individual.
We are aware of recent media reports pertaining to unauthorized access to files belonging to high-profile individuals. Equifax can confirm that fraudulent and unauthorized access to four (4) consumer credit reports has occurred through the annualcreditreport.com channel, a free public service that allows all consumers to get annual access to their credit report. Our initial investigation shows the perpetrators had the PII of the individuals whose files were accessed and were therefore able to pass the required authentication measures in place. We have launched a full investigation into this matter and we are also working closely with law enforcement authorities on this matter.”
10. This is not an obscure procedure, either:
A political campaign researcher, who wished to remain anonymous, told BuzzFeed this type of research is very basic. “I do this on every client I have — and their opponent,” he said. “This was not some super-secret hack. This was just basic research.”
11. Nor is this is a new problem in the data security world:
Wired covered a paper written by Christopher Soghoian, a fellow at Harvard’s Berkman Center, in 2009, in which he outlined a myriad of ways “credit hackers” could very legally mine out someone’s personal financial history.
From his paper’s abstract:
“This paper will present a number of loopholes and exploits against the system of consumer credit in the United States that can enable a careful attacker to hugely leverage her (or someone else’s) credit report for hundreds of thousands of dollars. While the techniques outlined in this paper have been used for the personal (and legal) profit by a small community of credit hackers, these same techniques could equally be used by more nefarious persons — that is, criminals willing to break the law, engage in fraud, and make off with significant sums of money.”
12. In April of 2012, Time Business wrote about this very simple form of data mining:
Time provided a step-by-step process of how to expose someone’s financial history legally. Geoff Webb, director of product marketing at Credant Technologies, admitted to Time that online credit services are essentially powerless to this form of mining.
“We have no direct control over the security of these online services, nor is it easy to know who has information about you,” Webb told them.
13. And in October of 2012, 3.6 million Social Security numbers were hacked in South Carolina:
South Carolina newspaper The State wrote about the breach, reporting that 387,000 credit and debit card numbers were exposed. They discovered that while Social Security numbers were encrypted, about 16,000 credit card numbers were not.
Please validate your account to contribute content.
Preview Your Response
- Pugly The Shockingly Easy Process Behind Th...
- consumerist.com readers just made The Shockingly Easy Process Behind Th... hotter
- berenice thinks The Shockingly Easy Process Behind Th... is OMG
- pax The Shockingly Easy Process Behind Th... and thinks it’s
- jonathanmichaelr added Gangnam Style (강남스타일) to the mix about 2 months ago
- jonathanmichaelr The Shockingly Easy Process Behind Th...
While I usually respect peoples opinions & what they wanna do & all that jazz, its wrong that they put phone numbers, SSN numbers, & addresses to all these people. If theyve done something wrong, air their dirty laundry , cool beans, but this is another level of intrusion & goes WAY over the line. Theyre gonna feel like assholes when somebody goes to the addresses listed & messes with these people. Its all fun & games until somebody gets hurt. Especially since they listed Michelle Obama, Robert Mueller (FBI director), Eric Holder (US attorney), Charlie Beck (LAPD chief), and Stacia Hylton (U.S. marhsalls director).
- victoriajenelle thinks The Shockingly Easy Process Behind Th... is Trashy, Fail & WTF
- ChrisRox thinks The Shockingly Easy Process Behind Th... is WTF
- digg.com readers just made The Shockingly Easy Process Behind Th... hotter
- The Shockingly Easy Process Behind Th... is starting to get hot on Twitter Tweet It
- The Shockingly Easy Process Behind Th... is starting to get hot on Facebook Share It
- brandonthanhd The Shockingly Easy Process Behind Th...
- Leron V thinks The Shockingly Easy Process Behind Th... is WTF
- jseid The Shockingly Easy Process Behind Th...
- senoritagrey thinks The Shockingly Easy Process Behind Th... is OMG
- angelicaa5 thinks The Shockingly Easy Process Behind Th... is WTF
- JustRandomAwes thinks The Shockingly Easy Process Behind Th... is Fail & OMG
- Heben Nigatu thinks The Shockingly Easy Process Behind Th... is WTF & OMG
- Thom thinks The Shockingly Easy Process Behind Th... is LOL
- Cc thinks The Shockingly Easy Process Behind Th... is OMG