In a bizarre turn of events, consumer credit reporting agency Equifax Inc. has publicly suggested that those affected by its huge hacking should visit a fake site for further information.

The recommendation to visit the fake site came via a series of tweets on the official Equifax Twitter account. The tweets directed those affected to the fake site instead of to the official Equifax site set up specifically to help concerned consumers, Equifaxsecurity2017.com.

According to reports, the tweets directed customers to securityequifax2017.com, a site that mocks the ineptitude of Equifax for “using a domain that’s so easily impersonated by phishing sites.” Some sites are claiming that the fake site itself was a phishing site — Google alerts Chrome users that it is — but according to The Verge, the fake site itself was set up by full-stack developer Nick Sweeting to “expose vulnerabilities that existed in Equifax’s response page.”

“I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting said. “It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.”

Regardless of the intent, the mere fact that Equifax was publicly tweeting links to a fake site adds to an ongoing story that would make Shakespeare’s “Comedy of Errors” look like a tragedy. Starting with the breach itself, it has since been revealed that Equifax knew of the breach for months but failed to disclose it; that Equifax suffered an earlier hack in March which it also failed to disclose; that executives at the company used simplistic passwords on their accounts; and that some of the same executives also sold stock in the company prior to disclosing the hack, leading to a criminal investigation.

“The catastrophic breach of Equifax’s systems was inevitable because of systemic organizational disregard for cybersecurity and cyber-hygiene best practices, as well as Equifax’s reliance on unqualified executives for information security,” James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, told SiliconANGLE.

Image: flickrhurst/Flickr