Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»General Discussion»Equifax had 'admin' as lo...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

General Discussion

Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region Forums

nitpicker

(7,153 posts) Thu Sep 14, 2017, 04:18 AM Sep 2017

Equifax had 'admin' as login and password in Argentina

http://www.bbc.com/news/technology-41257576

Equifax had 'admin' as login and password in Argentina

13 September 2017

From the section Technology

The credit report provider Equifax has been accused of a fresh data security breach, this time affecting its Argentine operations. Cyber-crime blogger Brian Krebs said that an online employee tool used in the country could be accessed by typing "admin" as both a login and password. He added that this gave access to records that included thousands of customers' national identity numbers.
(snip)

After being notified of the latest breach, Equifax temporarily shut the affected website.
(snip)

Mr Krebs wrote that the Argentine matter involved Equifax's local business Veraz. Specifically, a web application - referred to as Ayuda, the Spanish for "help" - appears to have been weakly guarded. "[It] was wide open, protected by perhaps the most easy-to-guess password combination ever: admin/admin," wrote Mr Krebs.

The discovery was made by the US cyber-security firm Hold Security, which Mr Krebs advises. Its researchers explored the portal and within found a list of more 100 Argentina-based employees, the blogger disclosed. Using this list they were able to uncover the workers' company usernames and passwords, which turned out to be matching words in each instance. Each example amounted to either solely the worker's last name or a combination of their surname and their first initial, which made them fairly easy to guess anyway, Mr Krebs added.

"But wait, it gets worse," he blogged. "From the main page of the Equifax.com.ar employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports. The site also lists each person's DNI [documento nacional de identidad]- the Argentinian equivalent of the social security number - again, in plain text." All told, there were more than 14,000 such records, Mr Krebs said, concluding that the firm had been "sloppy".
(snip)
InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 2 replies, 1290 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (2) ReplyReply to this post
2 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Equifax had 'admin' as login and password in Argentina (Original Post) nitpicker Sep 2017 OP
Did they hire Skroob to run their security? temporary311 Sep 2017 #1
... Warren DeMontague Sep 2017 #2
Reply to this discussion
Latest Discussions»General Discussion»Equifax had 'admin' as lo...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.