Skip to main content
  1. Home
  2. Computing
  3. Business
  4. News

Equifax reopens salary search site, security expert says it’s still vulnerable

Add as a preferred source on Google

A salary lookup service provided by recently compromised credit bureau Equifax came back online after it was taken down for “security enhancements” on October 8. The service allows anyone to look up your salary and employment history going back at least 10 years by providing a few pieces of personal information: Your Social Security number and your date of birth.

It’s designed to provide income verification to employers, banks, and other “credentialed verifiers” but after the Equifax hack, the sensitive information you need to access someone’s even more sensitive information was out there, ripe for the taking. When security expert Brian Krebs brought attention to the issue in a post on his blog, Equifax took the site down.

Recommended Videos

Now, however, the website is back up and despite Equifax’s claims to the contrary, the security enhancements the company made to the Work Number, haven’t exactly enhanced security all that much.

“The only ‘security enhancements’ I saw that my source encountered was a prompt to enter his full name, date of birth, Social Security number, address, phone number and email, followed by the usual retinue of four multiple-guess ‘knowledge-based authentication’ (KBA) questions. I’ve long been a critic of these KBA questions, because the answers usually are available using sites like Zillow and Spokeo, to say nothing of social networking profiles,” Krebs wrote.

So, in short, you can still access someone’s income and employment history with readily available information — and a handful of less readily available information, illicitly procured from the dark corners of the internet. Krebs goes on to describe how even a credit freeze — the recommended course of action after your information has been compromised — won’t protect you entirely.

Those knowledge-based authentication questions, generated from your credit and income history, will still pop up when attempting to access your income history through the Work Number, but the questions won’t use financial information — they will be generated from other bits of information Equifax has about you, like your address history, and the names of lenders you’ve used in the past.

“What’s interesting is that these types of questions tend to be easier to answer than, say, ‘What was the amount of your most recent car loan payment?’” Krebs continues, describing how a credit freeze just might make it easier for identity thieves to access the sensitive personal information contained on the Work Number.

The best defense, Krebs says, is to sign into the Work Number yourself, set up a secure PIN, and add at least a half dozen security questions and answers to your account. The questions, he advises, should have answers only you would know that cannot be found via social media.

Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more