Keep an eye on your Experian accounts: Some profiles hijacked using personal info

This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.

Complete Story

07/12/2022

Keep an eye on your Experian accounts: Some profiles hijacked using personal info

The Register

Experian customers are reportedly at risk of having their accounts hijacked by fraudsters who only need a victim's personal information and a different email address to recreate an account in their name.

Infosec blogger Brian Krebs wrote in a column Monday that over the past month he was contacted by two readers who said their accounts at the consumer credit bureau had been compromised, and assigned new email addresses, despite using strong passwords for those accounts. Their account information, such as its PIN and secret question-answer pair, were also changed.

It appears it is possible to convince Experian to recreate someone's account, with a new email address, using that person's personal details, such as a social security number that may have leaked, and public records. At that point, the account password can be set by the miscreant, and subsequent requests to reset the password by the real owner to take back control will be sent to an email address they don't have access to.

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information