Equifax tweeted the wrong URL for its data breach website.

Equifax Repeatedly Tweeted the Wrong URL for Its Website About the Data Breach

Equifax Repeatedly Tweeted the Wrong URL for Its Website About the Data Breach

Future Tense
The Citizen's Guide to the Future
Sept. 20 2017 4:15 PM

Equifax Repeatedly Tweeted the Wrong URL for Its Website About the Data Breach

Cyber-Security-Concerns-In-The-Global-Wake-of-Hacking-Threat
Equifax can't seem to get Twitter right either.

Leon Neal/Getty Images

Equifax has suffered a critical decline in public trust over the last few weeks after security breaches exposed the private data of about 143 million people. The company’s Twitter account is only making matters worse.

Equifax has set up a website, www.equifaxsecurity2017.com, to help customers learn whether they were affected by the breach. The site requires users to enter personal information. But since Sept. 9, a customer service representative, apparently named Tim, has responded to disgruntled customers on Twitter by pointing them to a fake site: www.securityequifax2017.com.

equifax_tweets_fake
Advertisement

The company’s verified Twitter account sent out at least seven tweets with the bogus address. The tweets were finally deleted Wednesday afternoon, likely spurred by Twitter users like security researcher Tarah M. Wheeler discovering the gaffe.

 

(Update, Sept. 20, 8 p.m.: Equifax told Slate in an emailed statement: "All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion.")

Luckily for customers, and the company itself, the fake website isn’t actually a phishing attempt. If you go to securityequifax2017.com, you’ll be greeted by a mock Equifax page that lampoons the company for choosing “an easily impersonated domain” for their website. Phishing scams often use slight misspellings and reordering of words in web addresses to snare potential victims.

equifax_fake_page
Advertisement

Compare this to the actual site:

actual_equifax_site

Nick Sweeting, the web developer who created the dummy website Sept. 8, messaged me over Twitter that it only took him 20 minutes to make the clone. “It's in everyone's interest to get Equifax to change this site to a reputable domain. … I can guarantee there are real malicious phishing versions already out there.”

Sweeting only found out Wednesday morning that Equifax had been tweeting out his site, which he claims has been visited 78,653 times as of noon Eastern on Wednesday.

Asked about his reaction to the blunder, he responded, “Honestly I'm not really surprised.”

Future Tense is a partnership of SlateNew America, and Arizona State University.