Equifax reopens salary search site, security expert says it’s still vulnerable

A salary lookup service provided by recently compromised credit bureau Equifax came back online after it was taken down for “security enhancements” on October 8. The service allows anyone to look up your salary and employment history going back at least 10 years by providing a few pieces of personal information: Your Social Security number and your date of birth.

It’s designed to provide income verification to employers, banks, and other “credentialed verifiers,” but after the Equifax hack, the sensitive information you need to access someone’s even more sensitive information was out there, ripe for the taking. When security expert Brian Krebs brought attention to the issue in a post on his blog, Equifax took the site down.

Now, however, the website is back up, and despite Equifax’s claims to the contrary, the security enhancements the company made to the Work Number haven’t exactly enhanced security all that much.

“The only ‘security enhancements’ I saw that my source encountered was a prompt to enter his full name, date of birth, Social Security number, address, phone number and email, followed by the usual retinue of four multiple-guess ‘knowledge-based authentication’ (KBA) questions. I’ve long been a critic of these KBA questions, because the answers usually are available using sites like Zillow and Spokeo, to say nothing of social networking profiles,” Krebs wrote.

So, in short, you can still access someone’s income and employment history with readily available information, plus a handful of less readily available details illicitly procured from the dark corners of the internet. Krebs goes on to describe how even a credit freeze, the recommended course of action after your information has been compromised, won’t protect you entirely.

Those knowledge-based authentication questions, generated from your credit and income history, will still pop up when attempting to access your income history through the Work Number, but the questions won’t use financial information — they will be generated from other bits of information Equifax has about you, like your address history, and the names of lenders you’ve used in the past.

“What’s interesting is that these types of questions tend to be easier to answer than, say, ‘What was the amount of your most recent car loan payment?’” Krebs continues, describing how a credit freeze just might make it easier for identity thieves to access the sensitive personal information contained on the Work Number.

The best defense, Krebs says, is to sign into the Work Number yourself, set up a secure PIN, and add at least a half dozen security questions and answers to your account. The questions, he advises, should have answers only you would know that cannot be found via social media.

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.