
Equifax hack checker: For “Test” and “123456”, data has been breached - inertial
https://twitter.com/zackwhittaker/status/906247688768905216
======
subru
In a situation like this it's safer to say that your profile is safe only if
that specific identity is on a white list of known safe identities. Thus
things like test will by default, Show as unsafe which is better because it
hides information about who is unsafe. If designed right, random form data
will simply return unsafe silently. Maybe you could try testing for that.

------
wlesieutre
It's not like they can tell you "Name and SSN not found" when you put in
gibberish. That's a public facing interface to brute forcing what somebody's
SSN is. Just try numbers until you get a yes or no back.

If people are upset about this, what's the better option?

~~~
wolfgang42
This message is horribly misleading, though: if you're not in the database, by
definition you _haven 't_ been part of the breach. For example, I have no
credit history, but if I put my name and SSN into this site (I'm not going to,
for obvious reasons) it would tell me that I was probably hacked.

A better solution would have been to not put this on a website to begin with:
give everyone an extra free credit report on top of their usual three yearly,
and add a field to it saying whether or not you were hit. This re-uses all of
the regular security precautions of that process, rather than hastily
inventing a whole new procedure.

I can also see a potential advantage for them: since it's more annoying to
request a credit report than to put your name into a website, fewer people
would find out that they were part of the mess and get angry at them, while
they could say "look how generous we are, we gave everyone an _extra_ credit
report!"

------
velobro
I don't know why people are trusting the checking service since it was built
by the same company that leaked the damn info in the first place.

This isn't even taking into account that it's a bare metal WordPress
installation with a shitty (aka, free) ssl certificate

