Hacked Credit Report Provider Equifax Echoes Sitcom With ‘Admin/Admin’ Database Password
Equifax’s “sloppy” security practices are going public.
“Sloppy” Equifax is poised for another security breach after revelations its Argentinian database had ‘admin’ as both the username and password.
Researchers from US firm Hold Security investigating Equifax after its shadowy hack which exposed details of 143 mln customers have said its Argentine arm is also easily hackable.
An employee portal known as Veraz gave researchers, who typed admin/admin as the username and password, access to personal details of 111 employees.
A further page contained 715 complaints from customers dating back years, each with social security numbers in plain text.
All that was protecting the sensitive personal information was what Hold security advisor Brian Krebs called “perhaps the most easy-to-guess password combination ever.”
“To me, this is just negligence,” founder Alex Holden added.
“In this case, their approach to security was just abysmal, and it’s hard to believe the rest of their operations are much better.”
Krebs meanwhile described the firm as “sloppy” as representatives took the offending portal offline.
Cointelegraph reported the giant data theft had occurred several months ago but only came to light six weeks afterwards as officials sought to keep the situation under control.
A separate inquiry is currently ongoing regarding three investors who sold $18 mln worth of shares between the date of the hack discovery and the public disclosure.