Hundreds of consumer records stored on an Argentinian Equifax database were allegedly protected by the generic username and password: ‘admin.’
After the credit monitoring company announced a massive breach last week in which over 140 million Americans’ private data was hacked, Milwaukee based cybersecurity firm Hold Security began probing Equifax’s other websites, when they discovered the company’s South American site was woefully un-secure.
The Argentinian Equifax database is unrelated to the breach in the U.S.
Via CNBC:
[T]hey were able to uncover personal employee information housed on Equifax’s South American site, including names, emails, and Social Security equivalents of over 100 individuals.
The researchers easily acquired administrative access and quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers, known as Documento Nacional de Identidad (National Identity Document).
“What I can tell you is that we fixed the vulnerability immediately upon learning of it, and that this internal portal has not been in use since 2013. The Argentine consumer dispute information that was mentioned in the Krebs article is all publicly available, searchable and not confidential. Additionally, our consumer credit and commercial databases were not accessed or affected.”
‘Admin’, is that not the default MS Net Server password? That’s pathetic.
Admin is the default fir just about ANYTHING.
This has the feel of a con. Or set up. What the fuck comes to mind.
Everything is fake news. So. Stick a microchip in the asshole. Make it all safe. Can take a shit and still be okay. The ultimate trap.