Free Dark Web Report from Experian – Part Three

On Monday and Wednesday we took an in depth look at the free dark web scan being offered by Experian.  As we found out on Wednesday, I was not too impressed with the results of the free scan.  Better information is available from HaveIBeenPwned.com.

What is Experian really offering?  The free scan just looked for the email address I provided, the same as HaveIBeenPwned.  But, for the low, low price of $9.99 per month, Experian will also provide an ongoing scan for email address, social security number, phone numbers, drivers license, medical IDs, bank accounts, credit and debit cards, and passports.  This would be a much more comprehensive scan, and frankly more valuable.

I decided to give the 30-day free trial a try.  In order to make this possible, I had to provide Experian with more personal information.  Of course, this information is probably going to be stored unencrypted in a poorly defended Experian web server that will be a magnet for cyber-criminals, but what of that?  Hmmm.

So using an alias, I started to fill out the four step form.  Step one collected name, address, phone and email information.  My fake address of 666 Armageddon Way was rejected as invalid, so I provided a real address that was not mine.  At step two, they wanted my social security number, date of birth, a user name and password to set up the Experian account, and credit card information for my subscription billing.  Being unwilling to provide SSN or credit card information, I stopped.  Presumably steps 3 and 4 would have you providing drivers license, bank, medical insurance, and passport information.

A quick search of reviews on Google confirmed this, although providing some of the information is optional.  But whatever you didn’t provide would not be searched for, so this would limit the effectiveness of the service.  Nowhere was I able to confirm if this information is to be stored in an encrypted form.  But I was able to confirm that this information will be used for marketing purposes by Experian, sister companies, and affiliates.  I was also able to confirm that any legal actions you might want to take against Experian for some future breach would be subject to arbitration.

So I am NOT recommending this service.  This is just not worth the risk, and there are other organizations that are security focused, not credit focused, that can provide this service.  At this time, I have nothing to recommend other than HaveIBeenPwned, but stay tuned.  This is an interesting service option that we may eventually need to have just like home, auto, and business insurance.  I will be looking for reliable alternative services, and report on them in the future.

More information:

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.