Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsEquifax had 'admin' as login and password in Argentina
http://www.bbc.com/news/technology-41257576Equifax had 'admin' as login and password in Argentina
13 September 2017
From the section Technology
The credit report provider Equifax has been accused of a fresh data security breach, this time affecting its Argentine operations. Cyber-crime blogger Brian Krebs said that an online employee tool used in the country could be accessed by typing "admin" as both a login and password. He added that this gave access to records that included thousands of customers' national identity numbers.
(snip)
After being notified of the latest breach, Equifax temporarily shut the affected website.
(snip)
Mr Krebs wrote that the Argentine matter involved Equifax's local business Veraz. Specifically, a web application - referred to as Ayuda, the Spanish for "help" - appears to have been weakly guarded. "[It] was wide open, protected by perhaps the most easy-to-guess password combination ever: admin/admin," wrote Mr Krebs.
The discovery was made by the US cyber-security firm Hold Security, which Mr Krebs advises. Its researchers explored the portal and within found a list of more 100 Argentina-based employees, the blogger disclosed. Using this list they were able to uncover the workers' company usernames and passwords, which turned out to be matching words in each instance. Each example amounted to either solely the worker's last name or a combination of their surname and their first initial, which made them fairly easy to guess anyway, Mr Krebs added.
"But wait, it gets worse," he blogged. "From the main page of the Equifax.com.ar employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports. The site also lists each person's DNI [documento nacional de identidad]- the Argentinian equivalent of the social security number - again, in plain text." All told, there were more than 14,000 such records, Mr Krebs said, concluding that the firm had been "sloppy".
(snip)
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
2 replies, 1290 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (2)
ReplyReply to this post
2 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Equifax had 'admin' as login and password in Argentina (Original Post)
nitpicker
Sep 2017
OP
temporary311
(955 posts)1. Did they hire Skroob to run their security?
Warren DeMontague
(80,708 posts)2. ...