from Hacker News

Equifax hack checker: For “Test” and “123456”, data has been breached

by inertial on 9/9/17, 7:33 PM with 4 comments

• by subru on 9/9/17, 10:01 PM

  In a situation like this it's safer to say that your profile is safe only if that specific identity is on a white list of known safe identities. Thus things like test will by default, Show as unsafe which is better because it hides information about who is unsafe. If designed right, random form data will simply return unsafe silently. Maybe you could try testing for that.

• by wlesieutre on 9/9/17, 10:42 PM

  It's not like they can tell you "Name and SSN not found" when you put in gibberish. That's a public facing interface to brute forcing what somebody's SSN is. Just try numbers until you get a yes or no back.

  If people are upset about this, what's the better option?

• by velobro on 9/9/17, 9:37 PM

  I don't know why people are trusting the checking service since it was built by the same company that leaked the damn info in the first place.

  This isn't even taking into account that it's a bare metal WordPress installation with a shitty (aka, free) ssl certificate