Skip to main content

Equifax reopens salary search site, security expert says it’s still vulnerable

A salary lookup service provided by recently compromised credit bureau Equifax came back online after it was taken down for “security enhancements” on October 8. The service allows anyone to look up your salary and employment history going back at least 10 years by providing a few pieces of personal information: Your Social Security number and your date of birth.

It’s designed to provide income verification to employers, banks, and other “credentialed verifiers” but after the Equifax hack, the sensitive information you need to access someone’s even more sensitive information was out there, ripe for the taking. When security expert Brian Krebs brought attention to the issue in a post on his blog, Equifax took the site down.

Recommended Videos

Now, however, the website is back up and despite Equifax’s claims to the contrary, the security enhancements the company made to the Work Number, haven’t exactly enhanced security all that much.

“The only ‘security enhancements’ I saw that my source encountered was a prompt to enter his full name, date of birth, Social Security number, address, phone number and email, followed by the usual retinue of four multiple-guess ‘knowledge-based authentication’ (KBA) questions. I’ve long been a critic of these KBA questions, because the answers usually are available using sites like Zillow and Spokeo, to say nothing of social networking profiles,” Krebs wrote.

So, in short, you can still access someone’s income and employment history with readily available information — and a handful of less readily available information, illicitly procured from the dark corners of the internet. Krebs goes on to describe how even a credit freeze — the recommended course of action after your information has been compromised — won’t protect you entirely.

Those knowledge-based authentication questions, generated from your credit and income history, will still pop up when attempting to access your income history through the Work Number, but the questions won’t use financial information — they will be generated from other bits of information Equifax has about you, like your address history, and the names of lenders you’ve used in the past.

“What’s interesting is that these types of questions tend to be easier to answer than, say, ‘What was the amount of your most recent car loan payment?’” Krebs continues, describing how a credit freeze just might make it easier for identity thieves to access the sensitive personal information contained on the Work Number.

The best defense, Krebs says, is to sign into the Work Number yourself, set up a secure PIN, and add at least a half dozen security questions and answers to your account. The questions, he advises, should have answers only you would know that cannot be found via social media.

Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…
If you’re itching for an HP OMEN MAX gaming laptop, this deal will save you $500
The HP Omen Max gaming laptop with Valorant on the screen.

We've recently published a stunningly positive review of the HP OMEN Max 16. It's got a list of "Pros" a mile long. The single, obligatory con is "Thick and heavy." Considering that it's a gaming laptop, that's practically the equivalent of saying a flashlight is too bright to look at. Thick, and a bit heavy, just comes with the territory. All of this is to say that the review was great and we're fans of the HP OMEN Max 16. As a deal hunter it made me want to go and see if I could find a deal on the HP OMEN Max 16 and I did, sort of. Right now you can get a customizable HP OMEN Max 16t — a laptop that, if it didn't have a separate store page, I would think is identical to the one we reviewed — with a $500 discount, no matter what settings you choose. With the base settings of the laptop, that discount brings it from $2,100 to just $1,600, but you're free to upgrade to your heart's content. Tap the button below to start customizing to your whimsy or keep reading for some advice on how to do so and what to expect from the 16t.

Buy Now

Read more
Google’s AI agent ‘Big Sleep’ just stopped a cyberattack before it started
Sundar Pichai

Google's AI agent, dubbed Big Sleep, has achieved a cybersecurity milestone by detecting and blocking an imminent exploit in the wild—marking the first time an AI has proactively foiled a cyber threat. Developed by Google DeepMind and Project Zero, Big Sleep identified a critical vulnerability in SQLite (CVE-2025-6965), an open-source database engine, that was on the verge of being exploited by malicious actors, allowing Google to patch it before damage occurred. “We believe this is the first time an AI agent has been used to directly foil efforts to exploit a vulnerability in the wild,” the company said.

Why it matters: As cyberattacks surge—costing businesses trillions annually—this breakthrough shifts defense from reactive patching to AI-driven prediction and prevention. It gives security teams a powerful new tool to stay ahead of hackers, potentially saving devices and data worldwide. CEO Sundar Pichai called it "a first for an AI agent—definitely not the last" according to Live Mint.

Read more
Google confirms merging Chrome OS and Android into one platform
Google Chrome app on s8 screen.

Why it matters: Google's push to blend Chrome OS and Android could supercharge affordable laptops like Chromebooks, making them more versatile for work and play. This move echoes Apple's seamless ecosystem across iPadOS and macOS, potentially shaking up the PC market where Windows dominates but innovation lags.

What's happening: In a bombshell interview, Google's Android ecosystem president Sameer Samat outright confirmed the company is "combining Chrome OS and Android into a single platform. This follows months of rumors and aligns with Android 16's new desktop-friendly features, like proper windowing and external display support. But then Samat later clarified on X that it's not a full-on merger killing Chrome OS; instead, it's about weaving Android's tech stack deeper into Chrome for better app compatibility and hardware efficiency.

Read more