Hackers are actively exploiting weak Web site security at leading credit rating agencies and stealing customer credit reports for resale on the black market, according to a report by MSNBC.
Well trafficked websites like AnnualCreditReport.com, Equifax.com, or CreditReport.com are being hacked and consumer data stolen from them. The credit profiles of individuals with strong credit scores (750+) are being pilfered and sold for as much as $80 in underground, online black markets. Profiles with weaker credit scores are about half as valuable, said Dan Clements of the security firm CloudEyez.com, a firm that tracks lost or stolen data and intellectual property online.
“It shows how people with good credit and a net worth now have a bull’s-eye on their backs,” Clements told MSNBC on a virtual tour of a site dedicated to the sale of credit profiles.
Hackers’ claim that the credit reporting firms are easy to compromise. Reports are then offered up for site on Web sites, most based outside the U.S. Poorly secured Web sites have been to blame in a number of recent breaches, including the attack on Stratfor, a strategic intelligence firm.
Most of the sites peddling credit profiles are based in ‘.SU’ domain space. ‘.SU’ is the country code top-level domain for the Soviet Union, which, of course, no longer exists. As Threatpost reported in January, an increase in regulation on the .RU domain forced a number of malicious parties to migrate to this vestige of the Soviet era.
You can read the entire MSNBC report here.