If you’re feeling lost and confused following news of Equifax’s recent data breach, don’t worry: not even Equifax’s own customer service knows what’s going on. Twitter customer service agents have been redirecting customers to a fake phishing site, not run by Equifax and with zero relation to the company.

Agents are only doing this because Equifax’s site with information about the hack isn’t good to begin with. It made a website at equifaxsecurity2017.com to tell customers about the breach. But that URL isn’t memorable and is easily confused with something else — say, for example, securityequifax2017.com. So a web developer made a lookalike website at that similar address, with the intention of showing Equifax the error of its ways.

It didn’t work out exactly like he imagined.

Rather than recognize the potential security risk, one of Equifax’s Twitter agents has instead spent the last two weeks sending customers to the fake website. Gizmodo found eight tweets with the fake URL, dating back to September 9th:

The danger of a fake website is obvious: it could easily ask victims for identifying information, under the guise of working out if they were part of the breach or not. With no easy way to verify that the website is actually made by Equifax, customers are left oblivious. It was a bad idea to use a standalone website to begin with; tweeting out links to a fake website just makes things worse for the company.

Chris Mills has loved tinkering with technology ever since he worked out how to defeat the parental controls on his parents' internet. He's blogged his way through Apple events and SpaceX launches ever since, and still keeps a bizarre fondness for the Palm Pre.