"Identity Thieves Exploit Security Flaw to Steal Credit Reports From Experian"

The credit reporting company Experian has experienced yet another security breach. Identity thieves obtained credit records by exploiting a security flaw on its website. KrebsOnSecurity revealed that identity thieves are exploiting the Experian website to acquire credit reports by using an individual's name, address, birthday, and Social Security number. After spending time in Telegram chat groups dedicated to exploiting compromised identities, a Ukrainian security researcher uncovered the vulnerability. Obtaining a credit report on the Experian website required answering numerous questions, but identity thieves learned they could deceive Experian into granting them access to credit reports. Access could be gained by modifying the address displayed in the browser's URL bar at a specific point during the identity verification process. This article continues to discuss identity thieves exploiting a security weakness on Experian's website to obtain credit reports and other security incidents faced in the credit reporting industry. 

SiliconANGLE reports "Identity Thieves Exploit Security Flaw to Steal Credit Reports From Experian"