Hackers got celeb info from free website

• Tweet

NEW YORK, March 13 (UPI) -- At least four public figures' private information was hacked from a website created to let U.S. consumers see their credit scores, credit agency officials said.

The people -- who now include first lady Michelle Obama -- had their information "accessed inappropriately" from annualcreditreport.com, a spokesman for credit reporting agency Equifax Inc. told the Ars Technica technology news and information website.

Annualcreditreport.com is jointly run by Equifax and two other giant credit reporting agencies, Experian PLC and TransUnion LLC. The site was created to comply with the credit agencies' obligations under the Fair and Accurate Credit Transactions Act to let U.S. consumers easily get free credit reports on themselves every year.

"What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into annualcreditreport.com and get some pieces of information on some individuals," Equifax spokesman Tim Klein told Ars.

TransUnion and Experian reported similar compromises.

The hackers used "considerable amounts of information about the victims, including Social Security numbers and other sensitive, personal identifying information, that enabled them to successfully impersonate the victims over the Internet in order to illegally and fraudulently access their credit reports," TransUnion said in a statement.

The "criminals accessed personal credential information through various outside sources, which provided them with sufficient information to illegally access a limited number of individual reports from some US credit reporting agencies," Experian's statement said.

None of the agencies would say whose accounts were compromised, but Klein told Ars four people's accounts were among the 21 whose sensitive personal information was posted on the hackers' website Monday and Tuesday.

United Press International reviewed the website and is not publishing its name. The site ends in an ".su" domain, which once indicated the Soviet Union.

The U.S. Justice Department, Secret Service and Los Angeles police said they were investigating the hackings -- a practice known in hacker and Internet slang as "doxing," derived from "documents" or "docx." The credit-reporting agencies said they were conducting their own internal investigations.

Obama is among the latest high-profile victims of the hacking.

The site expressed admiration for the first lady, even as it linked to a document purporting to show her credit history.

"Blame your husband, we still love you, Michelle," the website said, putting a "<3" heart next to Obama's name and including a poster-like "I Love Michelle Obama" graphic written to look like the "I Love NY" posters. It showed an image of the first lady's smiling face instead of the words "Michele Obama."

Below the message and graphic were personal information purporting to be hers -- including a Social Security number, her correct date of birth, three phone numbers, five Chicago addresses and a link to a web page dated March 11 purporting to show her TransUnion credit report.

Twenty other people's personal information was also published.

Current and former government officials targeted included Vice President Joe Biden, Attorney General Eric Holder, FBI Director Robert Mueller, U.S. Marshals Service Director Stacia Hylton, former Secretary of State Hillary Clinton, former Vice President Al Gore and Los Angeles Police Chief Charlie Beck.

Targeted celebrities and other high-profile individuals included Kim Kardashian, Mel Gibson, Ashton Kutcher, Jay-Z, Beyonce, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump, Arnold Schwarzenegger, Kanye West and Kris Jenner.

The site listed almost everyone's Social Security numbers, addresses, telephone numbers and credit reports.