BREAKING: Equifax Pwned Again Due To Their Own Stupidly
Noted security expert Brian Krebs has discovered that credit monitoring firm Equifax who were pwned by hackers which in turn led to the largest data breach in history and significant fallout had an employee tool based in Argentina that could be accessed by using the user name “admin” and the password “admin”. By using those credentials, he got access to records that included the Argentine equivalent of a social security number.
#fail
This is straight up horrible IT security. No wonder these clowns were pwned. The entire planet needs to sue them out of existence. Not only that, governments in the countries that Equifax operates in need slap them silly from a legislation perspective. Because frankly, this is unacceptable.
September 14, 2017 at 9:40 am
[…] this is another data point that shows that Equifax dropped the ball here. And to be frank, it’s as bad as having a public facing database with a username of admin and password of admin. Hopefully, everyone from politicians to the average consumer is paying attention so that this […]
September 16, 2017 at 10:32 am
[…] Internet, it’s very hard to remove it. But let me get to the key point. On top of having shoddy IT practices and not patching their infrastructure in a timely manner, this failure to have someone who actually […]
September 29, 2017 at 12:23 pm
[…] a CSO with no IT experience or not applying a patch for Apache Srtuts for months, or having a publicly accessible database with username of admin and the password of (you guessed it) admin. I could go on but you get the […]