In response to the attack, Equifax set up a website — www.equifaxsecurity2017.com — for possible victims to verify whether they're affected.
If users end up on the wrong site, they could end up leaking the data they're already concerned was stolen.
It was an easy mistake to make, but the result sent the user to a site with no connection to Equifax itself.
Equifax deleted the tweet shortly after this article was published, but it remained live for nearly 24 hours.
Further research revealed three more tweets that had sent potential victims to the same false address, dating back as far as September 9th.
Prior to Equifax customer service sharing the imposter site, Sweeting says he emailed the support team and tweeted to Equifax that he spotted a potential vulnerability.
Equifax just linked customers to my fake phishing version of their site by accident. »