We never intended to return a third time to the Equifax hack story, but in “you couldn’t make it up news” we read about yet another security issue at the beleaguered credit rating company…

Equifax Hack – It Gets Worse!

Equifax has been accused of a fresh IT security breach, this time in Argentina. A cyber-crime blogger found that an online tool in the country could be accessed by using “admin” as both login and password! Doing so gave access to records including the national identity numbers of thousands of customers.

Username: Admin Password… Admin!

The news follows last week’s revelation of an attack that affected millions of users in the US and some in the UK. Equifax temporarily closed the website when the issue came to light. The case raises questions about how Equifax – and other companies – take care of customer data

The cyber-security researchers explored the site and found a list of 100 Argentinian employees. They were then able to uncover the company usernames and passwords for these people, all of which turned out to be matching words! Each one was solely the worker’s last name or their surname followed by their first initial, which simply had to be entered again as a password to access the system.

List of Equifax Customer Details

From the main page of the employee portal, the researchers found a listing of 715 pages worth of complaints and disputes from customers. It listed each person’s social security number in plain text. Altogether over 14,000 records were accessible to even a low-skilled hacker

Take Security Seriously

We keep making the point: IT security must be taken seriously. Some basic learnings from this story are:

  • Avoid making employee tools accessible via the internet
  • Don’t leave sensitive data unencrypted
  • Never leave usernames and passwords at their default settings
  • Create a strong password (click here for our advice)
  • Make sure employees create unique passwords that are hard to guess

For help making your company more secure, call us on 01482 424402 or visit www.digitalquill.co.uk.