Equifax accidentally encouraged people to use the wrong website to check if their personal information was included in a massive security breach on numerous occasions.
Equifax’s website for updating consumers on the recent data breach, which affected 143 million people, is EquifaxSecurity2017.com. The company’s official Twitter account, however, has repeatedly posted links to a fake Equifax website under the name SecurityEquifax2017.com.
After being informed by one Twitter user that they had posted the wrong link on Tuesday, it was quickly deleted. However, another engineer pointed out that the account had repeatedly posted the fake link since September 9.
— Dl@RM@lD (@MadcapOcelot) September 20, 2017
“Luckily, the variant Equifax was mistakenly Tweeting out isn’t an actual phishing site,” reported Consumerist on Wednesday. “It’s an attempt by a web developer to call attention to the fact that Equifax made a monumentally bad decision by launching an insecure, easily spoofed site to begin with.”
According to the outlet, “A list of fake Equifax breach sites shared on Pastebin,” a number of which could be phishing scams, “currently has more than 1,000 entries, including every typo and letter variation you can think of.”
Following the data breach this month, Equifax faced controversy for including a clause in their security assistance website which barred consumers from being able to sue the company, before they promptly removed it.
Since the breach, an online chatbot has been configured to help those affected sue the company for up to $25,000, while it was also revealed that Equifax had suffered another cyberattack before the latest.