Free Dark Web Report from Experian – Part Three

On Monday and Wednesday we took an in depth look at the free dark web scan being offered by Experian.  As we found out on Wednesday, I was not too impressed with the results of the free scan.  Better information is available from HaveIBeenPwned.com.

What is Experian really offering?  The free scan just looked for the email address I provided, the same as HaveIBeenPwned.  But, for the low, low price of $9.99 per month, Experian will also provide an ongoing scan for email address, social security number, phone numbers, drivers license, medical IDs, bank accounts, credit and debit cards, and passports.  This would be a much more comprehensive scan, and frankly more valuable.

I decided to give the 30-day free trial a try.  In order to make this possible, I had to provide Experian with more personal information.  Of course, this information is probably going to be stored unencrypted in a poorly defended Experian web server that will be a magnet for cyber-criminals, but what of that?  Hmmm.

So using an alias, I started to fill out the four step form.  Step one collected name, address, phone and email information.  My fake address of 666 Armageddon Way was rejected as invalid, so I provided a real address that was not mine.  At step two, they wanted my social security number, date of birth, a user name and password to set up the Experian account, and credit card information for my subscription billing.  Being unwilling to provide SSN or credit card information, I stopped.  Presumably steps 3 and 4 would have you providing drivers license, bank, medical insurance, and passport information.

A quick search of reviews on Google confirmed this, although providing some of the information is optional.  But whatever you didn’t provide would not be searched for, so this would limit the effectiveness of the service.  Nowhere was I able to confirm if this information is to be stored in an encrypted form.  But I was able to confirm that this information will be used for marketing purposes by Experian, sister companies, and affiliates.  I was also able to confirm that any legal actions you might want to take against Experian for some future breach would be subject to arbitration.

So I am NOT recommending this service.  This is just not worth the risk, and there are other organizations that are security focused, not credit focused, that can provide this service.  At this time, I have nothing to recommend other than HaveIBeenPwned, but stay tuned.  This is an interesting service option that we may eventually need to have just like home, auto, and business insurance.  I will be looking for reliable alternative services, and report on them in the future.

More information:

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
  Related Posts

Add a Comment