Homepage / Technology / Equifax used 'admin' for the login and password of a non-US website
Başkanın ilk icraatı işçi kıyımı olmuştur! 719 7slots kumarhane 90 Business Online Solutions What Is a Board Analysis? The Importance of Planning and Programs Development How Board Governance Software Improves Meetings and Governance How to Craft a Successful Board Meeting Reminder Benefits of a Virtual Data Room for Bankruptcy VDR Example for Business Hong Kong ユースカジノの登録方法を初心者にも分かりやすく図解入りで解説 チェリカジ 5 Как быстро пополнить счет в Казино Х в любой валюте Официальный сайт Up X казино и мгновенные игры Paşa Casino Mobil Uygulama 2025 Giriş Üyelik Bonusu Freespin No Deposit Bonus Casino Free Spins In New Zealand What Are The Best Online Casinos For Real Money Pokies And Bonuses In Australia Дэдди Казино официальный сайт Джойказино: информация про официальный сайт Glory Casino giriş için buraya tıkla ve Türkiyede en popüler casino kullanıcısı ol Les Gambling establishments en Ligne en France 2024 200% Reward + 300 Free Rotates LevelUp Internet casino Melbourne En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi Le meilleur casino en ligne franзais Extra Casino avec le dйpфt minimal le in addition bas Yeni Casino Siteleri ᐈ Çevrimiçi Kumarhaneler Mart 2024 Les gambling establishments en ligne proposent une grande variйtй de jeux de internet casino gratuits. Türkiye’deki Resmi Web Sitesi Google Play, Türkiye’de kumar oyunlarına izin verecek Her Gün Tatil Olsa ORDU’DA PAZARTESİ GÜNÜ FINDIK FİYATI NASIL? كازينو اون لاين الكازينوهات الممتازة على الإنترنت ألعاب الكازينو المباشرة مينا كازينو العر Google Play, Türkiye’de kumar oyunlarına izin verecek Domain Sorgulama & Domain Fýrsatlarý Canlı Casino Siteleri: 2024 Güvenilir Siteler Seçilmiştir Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın 1xbet Türkiye Giriş Empieza Kayıt 202 Kumar Ve Kumarhaneler Hakkında Pek İlginç 21 Bilgi Kumarhane Doğru Yazımı Nedir? Tdk Ile Kumarhane Kelimesinin Doğru Yazılışı! Mobilbahiste En İyi Kumar Bonusları Ve Kazançlar Mobilbahis Giriş Sayfası On Line Casino Siteleri En Iyi Casino Siteleri 2024 Mostbet: Türkiye’de Internet Casino Mostbet Online Slotlar Ve Canlı-casin Pin Up Casino Oyna Türkiye, Pinup’un Sah Web Sites Ifade Haberleri Son Dakika Ifade Hakkında Güncel Haber Ve Bilgiler “önceliğimiz Transferin Önünü Açmak, Görüştüğümüz Yerler Var” On Line Casino Nuh’un Gemisi Deluxe Resort & Spa, Kıbrıs The Benefits of Document Management Bonus Veren Siteler 3 000 Den Fazla Online Oyunu Ücretsiz Oyna En Tehlikeli Kumar Oyunu Ekşi Sözlük Deneme Bonusu Veren Siteler Deneme Bonusu 2024 Explore the Magic of WildCardCity Güvenilir Bahis Siteleri En İyi Kumar Siteleri Balıkesir Triatlonuna Avrupadan Ödül Tricks of the Aviator gambling establishment game by Spribe Çevrim Içi Kumar Siteleri “bonus” Yalanıyla Kandırıyor En Güvenilir Canlı On Line Casino Siteleri Xbetting-tips Com Uncovering the Abundant Tapestry of Ozwin Gambling establishment Evaluating Board Portal Providers Uncovering the Wealthy Tapestry of Ozwin On line casino Electronic Data Area Providers Evaluation Cobra Internet casino: Raising the Australian On the internet Video gaming Practical experience 4 Things to Search for in Safeguarded Cloud Safe-keeping Fastpay On line casino Australia – Simple and No-Taxation Wagering Web page officielle franзaise de Joka Gambling establishment The Software Development Universe Game Woo Internet casino – Enjoy Slot machine games around australia Ostdeutsche Biersorten What Are Virtual Data Rooms? Vitamin D Receptor Polymorphisms Revue du Casino BlackLabel Faktory, kterй ovlivnujн hodnocenн ceskэch online kasin How to Make the Most of Your Web Development Organization and Advertising Efforts L’essor des casinos en ligne en France Boost Meeting Efficiency With Boardroom Technology Developments WildJoker Casino WildCardCity On line casino – Guaranteed Australian Gambling Portal WildCardCity Casino – The Ideal On the internet Gambling establishment within australia Modern Technologies Produce Sharing Documents Online Faster and More Protect Free Virtual Info Room pertaining to Speedy Due Diligence A Review of Data Area Software For people who do buiness Five Board Bedroom Features Which will help You Acquire a More Productive Boardroom Electronic Systems To your Business Understanding Legal Terms and Laws in Today’s World The Laws and Contracts of Hollywood: A Sunset Blvd. Tale Legal Discussion Between Johnny Cash and Antonin Scalia Legal Insights: What Teens Should Know Legal Issues and Exceptions: What You Need to Know Legal Insights and Expert Analysis Celebrity Dialogue: Legal Matters in the 21st Century Famous Personalities Discuss Legal Issues The Boys in the Boat: Legal Advisors and The Quest for Legal Knowledge Understanding Legal Matters: Q&A on Criminal Law, Joint Ventures, and More Enticing Title The Departed: Understanding Basic Work Requirements and Legal Rights Youth Slang Blog Article Legal Insights: A Journey into the World of Law The Ins and Outs of Legal Matters: Everything You Need to Know Legal Insights and Trends: A Rap Guide Mysterious Legal Matters Unveiled

Technology

Equifax used 'admin' for the login and password of a non-US website

Written by finanster
on September 14, 2017
Leave a comment

Scores of accounts on Equifax‘s website in Argentina allegedly were protected by the same generic username and password: “admin.”

Researchers at Hold Security, a Milwaukee-based cybersecurity firm, found that after some guesswork, they were able to uncover personal employee information housed on Equifax’s South American site, including names, emails, and Social Security equivalents of over 100 individuals.

The researchers easily acquired administrative access and quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers, known as Documento Nacional de Identidad (National Identity Document).

“You don’t expect anything like that,” said Alex Holden, Hold Security’s chief information security officer. “An ability to lookup cases for individuals based on a single numeric ID and gender drew our attention.”

The research came as Equifax sank deeper into a controversy over its handling of a data breach that could affect 143 million people.

The credit reporting company is now facing multiple investigations. In a rare public acknowledgement, the Federal Trade Commission announced Thursday that it has opened a probe into Equifax’s breach in the United States.

What Hold Security found is not related to the breach in the U.S., which Equifax disclosed last week. But Equifax promptly shut down the website after the research was made public by a security blogger named Brian Krebs.

In a statement to CNBC on Thursday, Equifax said:

“We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week. We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions.”

“What I can tell you is that we fixed the vulnerability immediately upon learning of it, and that this internal portal has not been in use since 2013. The Argentine consumer dispute information that was mentioned in the Krebs article is all publicly available, searchable and not confidential. Additionally, our consumer credit and commercial databases were not accessed or affected.”

Since it announced the U.S. data breach last Thursday, Equifax shares have fallen more than 30 percent through Wednesday’s close. But that’s just the beginning of Equifax’s woes.

The FTC’s spokesman, Peter Kaplan, said Thursday, “In light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”

In addition, Massachusetts announced plans Wednesday to file a lawsuit, which will maintain that the company failed to adopt appropriate safeguards to protect the sensitive data. New York, Illinois, Pennsylvania and Connecticut and other states are also investigating, while nearly two dozen class-action lawsuits have already been filed.

Massachusetts Attorney General Maura Healey said Tuesday the Equifax breach “may be the most brazen failure to protect consumer data” her office has seen. Eric Schneiderman, New York’s attorney general, warned people to be vigilant about hacking and other online and email attacks.

The disclosure of the U.S. data breach prompted Holden to take a look at Equifax’s web security outside the U.S., he said. After first exploring the Argentine website, which initially required a national identification number, the researchers arrived at a different login interface after shortening the site’s URL.

“We put in admin, admin [as credentials] and to our surprise we were in,” he continued.

“We obviously did not state that there was a breach. We highlighted a horrendous security practice which, perhaps, was indicative of the overall data care that led to the breach in the US. But in my professional opinion, if any hacker would look at this part of the website, it would be breached,” Holden told CNBC.

After making the initial discovery, Holden turned to security researcher Brian Krebs to assess his findings.

“Worse still,” Krebs said, “each employee’s username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee’s last name, you also could work out their password for this credit dispute portal quite easily.”

Krebs is a widely followed blogger on security issues. “I don’t have much advice for Argentinians whose data may have been exposed by sloppy security at Equifax,” he said in a blog post on Tuesday. “But I have urged my fellow Americans to assume their SSN and other personal data was compromised.”

Source: Tech CNBC
Equifax used 'admin' for the login and password of a non-US website

Comments are closed.