PogoWasRight.org

Here’s why our system for authenticating consumers is busted

Posted on September 27, 2013 / July 1, 2025 by Dissent

Andrea Peterson reports:

When you apply for a loan or try to recover your lost e-mail password, you’ll often be asked to give information about a long-ago address, employer, or bank account. You might also be asked for your Social Security number or driver’s license. The idea is that only the real you would know such obscure details about your past.

This system provides a convenient way to authenticate consumers, but it also has an important vulnerability: anyone who has access to a comprehensive database that contains this kind of information can impersonate you.

Read more on Washington Post.

I had linked to Brian Krebs’ scoop over on DataBreaches.net, and of course, his findings are relevant to the same issues I raised in my complaint to the FTC about Experian, who also uses “knowledge based authentication.” The status of my complaint to the FTC is unknown to me as they never tell you what they’re doing, if anything, until they actually do something and issue a press release.

The FTC and congressional committees looking into data aggregators and data brokers need to read Brian’s report carefully and assume that this is not just LexisNexis, Dun & Bradstreet, and Kroll – those are the only ones he knows about from what he acquired, but I would bet that there are more that we don’t know about.

Category: Breaches, Business, Featured News
