iBankCoin

ZeroPointNow

zeropointnow
Wake up. Break the cycle. Teach your children.
Joined Oct 24, 2016
1,140 Blog Posts

Equifax Used ‘Admin’ As Login And Password For Second Database

zeropointnow Thu Sep 14, 2017 8:20pm EST 4 Comments

Hundreds of consumer records stored on an Argentinian Equifax database were allegedly protected by the generic username and password: ‘admin.’

After the credit monitoring company announced a massive breach last week in which over 140 million Americans’ private data was hacked, Milwaukee based cybersecurity firm Hold Security began probing Equifax’s other websites, when they discovered the company’s South American site was woefully un-secure.

The Argentinian Equifax database is unrelated to the breach in the U.S.

Via CNBC

[T]hey were able to uncover personal employee information housed on Equifax’s South American site, including names, emails, and Social Security equivalents of over 100 individuals.

The researchers easily acquired administrative access and quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers, known as Documento Nacional de Identidad (National Identity Document).

“You don’t expect anything like that,” said Alex Holden, Hold Security’s chief information security officer. “An ability to lookup cases for individuals based on a single numeric ID and gender drew our attention.”
Equifax responded to CNBC, telling the network:
“We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week. We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions.”

“What I can tell you is that we fixed the vulnerability immediately upon learning of it, and that this internal portal has not been in use since 2013. The Argentine consumer dispute information that was mentioned in the Krebs article is all publicly available, searchable and not confidential. Additionally, our consumer credit and commercial databases were not accessed or affected.”

Multiple investigations
Equifax is facing several investigations, including a major probe by the Federal Trade Commission (FTC) announced Thursday.
Shares take a nosedive
Since announcing the hack last Thursday, Equifax shares have dropped more than 30 percent, closing at a 2.5 year low of $96.66.
If you enjoy the content at iBankCoin, please follow us on Twitter

4 comments

  1. sarcrilege
    sarcrilege
    September 14, 2017 at 8:24 pm

    ‘Admin’, is that not the default MS Net Server password? That’s pathetic.

    • 0
    • 0
    • 0 Deem this to be "Fake News"
  2. Herm
    Herm
    September 14, 2017 at 10:59 pm

    Admin is the default fir just about ANYTHING.

    • 0
    • 0
    • 0 Deem this to be "Fake News"
  3. ironbird
    ironbird
    September 15, 2017 at 2:54 am

    This has the feel of a con. Or set up. What the fuck comes to mind.

    • 0
    • 0
    • 0 Deem this to be "Fake News"
  4. ironbird
    ironbird
    September 15, 2017 at 3:05 am

    Everything is fake news. So. Stick a microchip in the asshole. Make it all safe. Can take a shit and still be okay. The ultimate trap.

    • 0
    • 0
    • 0 Deem this to be "Fake News"

Leave a Reply

Your email address will not be published. Required fields are marked *

© Copyright 2007-2024 iBankCoin All rights reserved under penalty of bodily harm. DISCLAIMER: This is a personal web site, reflecting the opinions of its author(s). It is not a production of my employer, and it is unaffiliated with any FINRA broker/dealer. Statements on this site do not represent the views or policies of anyone other than myself. The information on this site is provided for discussion purposes only, and are not investing recommendations. Under no circumstances does this information represent a recommendation to buy or sell securities. DATA INFORMATION IS PROVIDED TO THE USERS "AS IS." NEITHER iBankCoin, NOR ITS AFFILIATES, NOR ANY THIRD PARTY DATA PROVIDER MAKE ANY EXPRESS OR IMPLIED WARRANTIES OF ANY KIND REGARDING THE DATA INFORMATION, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE. Privacy Policy