Equifax Used the Word ‘Admin’ for the Login and Password of a Database
Here’s one for our esteemed host Mr. Johnson, who might be able to parley his knowledge of computer technology into a high-dollar job in computer security working for Equifax—it would appear they will have some openings soon.
It’s a good thing we have the Invisible Hand (patent pending) of the Free Market to safely guard all the personally-identifying information corporations gather about us.
We wouldn’t want criminals to be able to guess their way into databases with difficult passwords like “3LynPx%27”—criminals might not be able to remember those.
“Admin” is so much easier:
Equifax Used the Word «ADMIN» as the Login and Password of a Non-US Database (goes to CNBC, more at the link)
We also wouldn’t want those corporations storing our data overseas now, would we? (Wait, a bunch of corporations already do that.)
Scores of accounts on Equifax’s website in Argentina allegedly were protected by the same generic username and password: “admin.”
Researchers at Hold Security, a Milwaukee-based cybersecurity firm, found that after some guesswork, they were able to uncover personal employee information housed on Equifax’s South American site, including names, emails, and Social Security equivalents of over 100 individuals.
The researchers easily acquired administrative access and quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers, known as Documento Nacional de Identidad (National Identity Document).
“You don’t expect anything like that,” said Alex Holden, Hold Security’s chief information security officer. “An ability to lookup cases for individuals based on a single numeric ID and gender drew our attention.”
Whaddya bet if this problem occurred with their Argentine division, they also have it in other places? And how many other caches of sensitive personal data held by countless corporations have logins and passwords such as “LOGIN” and “PASSWORD?”