Please or to access all these features

Add post

Watch this thread

Save thread

Start a new thread

Flip thread

Hide thread

My feed

Active Unanswered threads

Getting started FAQ's

Unanswered threads Acronyms Talk guidelines

Hide shortcut buttons

Talk

AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

Flip

1 2

Original poster

to think they should be legally required to tell you immediately?

41 replies

Elphame · 27/11/2017 15:33

Just had a letter from Equifax the credit reference agancy telling me I need to take immediate action to protect myself.

Apparently they were hacked in MAY and they've only just thought fit to tell me that some of my personal data is in the hands of scammers and fraudsters. I've been at risk for 6 months and only now they tell me and it is now vital I check whether they've been used fraudulently.

It was vital 6 months ago.

OP posts:

BonfiresOfInsanity · 27/11/2017 17:01

Just put mine in and it said 38 Billion years to crack

BonfiresOfInsanity · 27/11/2017 17:03

I just put in another one I use and it said 35 QUINTILLION YEARS to crack. Is that safe enough do you reckon?

BonfiresOfInsanity · 27/11/2017 17:04

I use lots of different ones.

SoupDragon · 27/11/2017 17:05

Are you all seriously typing your passwords into some random site to see if they are secure.....

I thought that too.

bubbleyagain · 27/11/2017 17:15

I use lastpass to keep track of my passwords and two factor authentication on everything.

BonfiresOfInsanity · 27/11/2017 17:16

Only ones that aren't used for anything important. I did a quick check on it's security first and it seemed OK but now you've made me paranoid and I'm changing even those two poxy passwords!

LurkingHusband · 27/11/2017 17:25

Really online security is a case of making sure you aren't the lowest hanging fruit.

As the phone hacking scandal shows, if those with ill intent target an individual, all bets are off.

Kintan · 27/11/2017 18:31

I had that letter too, and it just looked like they were trying to get me to sign up to their services. I just threw it away. All it said was someone had access to my name and d.o.b which aren't exactly secret and secure pieces of information anyway.

ForalltheSaints · 27/11/2017 18:34

Have Uber told anyone who uses their app? Some companies will do what they think they can get away with. Any law needs enforcement and the willingness to close down any business that does not comply immediately.

unplugmefromthematrix · 27/11/2017 18:56

YANBU it should be immediate - if you have been defrauded since, I would hold them liable personally.

Re 2 factor authentication - am I right on thinking that for this to be properly secure, then you need to looking at phone security and how secure your texts messages are from app permissions and Google etc.

CaptainMarvelDanvers · 27/11/2017 19:54

American customers have hit Equifax with a lawsuit, I wonder if there will be something similar going on here.

MaverickSnoopy · 27/11/2017 22:12

I didn't link to the website because I didn't want to be seen as giving out a random link and suggesting people click it. Obviously you have no idea if I'm reliable or some weirdo (and you should absolutely err on the side of caution). You cam see from my history I'm a regular poster though and I'm happy to disclose the workshop that I went to which is advertised online and the company have accolades from top UK companies as well as one particularly high up company.

Fwiw I didn't put my passwords on that website but I did type in ideas for new ones to get a sense of how it works. Then I will choose something entirely different. I asked the question..."but I have eleventy billion passwords, how do I remember them?" and apparently there are password managers you can sign up to (although I believe you have to pay). Some are better than others and some you should steer clear of. Personally I'm not sure how I feel about keeping all of my passwords in one place. What if they were hacked I said? I was told security is top notch...apparently...!

bananafish81 · 27/11/2017 22:56

Am I right in thinking that under GDPR Equifax would have had to inform customers immediately?

If you don't want to use an encrypted password keeper and want different passwords for every site that you can remember, you could do worse than follow the Xkcd Method

www.xkcd.com/936/

Take 4 random common words as your base

Let's use correct horse battery staple as the example

Make the first letter a capital

So Correcthorsebatterystaple

Add a number and a different character to the end

So Correcthorsebatterystaple1!

Then add the first three letters of the site in question, so you have a different password for each site

For example.

Amazon - Correcthorsebatterystaple1!ama

Facebook - Correcthorsebatterystaple1!fac

Ebay - Correcthorsebatterystaple1!eba

That formula should satisfy different sites' requirements for capitals, numbers etc and be something secure yet easy to remember

bananafish81 · 27/11/2017 22:59

I use One password as my encrypted password keeper, LastPass is also highly recommended

And the Xkcd formula

bananafish81 · 27/11/2017 23:07

The guy who invented these commonly adopted password rules now admits they were a waste of everyone's time (and recommendeds the Xkcd method)

gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

gamerchick · 27/11/2017 23:12

I got that letter as well but don’t know what kind of risk it was. I don’t do online banking or PayPal. Hackers would be disappointed with the effort they made.

Flip

1 2

Swipe left for the next trending thread