Researchers from US firm Hold Security, who have been investigating Equifax since the recent security breach that exposed details of 143 million customers, have said its Argentine arm is also easily hackable.
It appears Equifax's security measures are nothing but sloppy after revelations that its Argentinian database has 'admin' as both the username and password.
Using the insecure logon credentials, researchers were able to access an employee portal, known as Veraz, which exposed personal details of 111 employees.
A further page contained 715 complaints from customers, each with social security numbers stored in plain text.
All that was protecting the sensitive personal information was what Hold Security advisor Brian Krebs called “perhaps the most easy-to-guess password combination ever.”
“To me, this is just negligence,” founder Alex Holden added.
“In this case, their approach to security was just abysmal, and it’s hard to believe the rest of their operations are much better.”
Krebs meanwhile described the firm as “sloppy” as representatives took the offending portal offline.
Cointelegraph reported the giant data theft had occurred several months ago but only came to light six weeks afterwards as officials sought to keep the situation under control. A separate inquiry is ongoing regarding three investors who sold $18 million worth of shares between the date of the hack discovery and the public disclosure.
In recent days Equifax has been heavily criticized by the public, with some saying that Equifax should be shut down and others pointing out the irony of a company that reports on irresponsible consumers.
I've never done business with #Equifax, yet they had and compromised my sensitive data. That is beyond unacceptable—they should be shut down
— Eli Beckman (@elihbeckman) September 11, 2017
This is not the first security breach that we have learned of this year. Earlier this year, it was reported that Equifax had yet another security breach in April of 2016. It is reported that from April 18, 2016 to March 29, 2017, a copy of the 2016 W-2 form may have been downloaded during the breach, providing personal information including name, address, email, phone, social security number, employer identification number, and wage tax information.
In conclusion, security should be a top concern in the modern era. Stanley Kaytovich, an IT director at QWERTY Concepts, stated, "There is a very important lesson here for consumers and corporations alike. Using a secure password should not be negotiable." QWERTY Concepts provides IT support services in NJ.