Equifax had ‘admin’ as login and password in Argentina
Equifax had ‘admin’ as login and password in Argentina: The credit report provider Equifax has been accused of a fresh data security breach, this time affecting its Argentine operations.
Cyber-crime blogger Brian Krebs said that an online employee tool used in the country could be accessed by typing “admin” as both a login and password.
He added that this gave access to records that included thousands of customers’ national identity numbers.
Last week, the firm revealed a separate attack affecting millions in the US.
After being notified of the latest breach, Equifax temporarily shut the affected website.
“We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cyber-security event that occurred in the United States last week,” an Equifax spokeswoman told the media.
“We immediately acted to remediate the situation, which affected a limited amount of information strictly related to Equifax employees.
“We have no evidence at this time that any consumers or customers have been negatively affected, and we will continue to test and improve all security measures in the region.”
The discovery came less than a week after Equifax revealed that a separate breach meant about 143 million US consumers and an undisclosed number of British and Canadian residents might have had personal details exposed.
The firm took six weeks to make the discovery public after first learning of a problem.
On Tuesday, 36 US senators called for a federal investigation into how three company executives came to sell nearly $2m (£1.5m) worth of shares in the company in the interim.
Equifax is also facing dozens of legal claims over the matter.
Mr Krebs wrote that the Argentine matter involved Equifax’s local business Veraz.
Specifically, a web application – referred to as Ayuda, the Spanish for “help” – appears to have been weakly guarded.
“[It] was wide open, protected by perhaps the most easy-to-guess password combination ever: admin/admin,” wrote Mr Krebs.
The discovery was made by the US cyber-security firm Hold Security, which Mr Krebs advises.
Its researchers explored the portal and within found a list of more 100 Argentina-based employees, the blogger disclosed.
Using this list they were able to uncover the workers’ company usernames and passwords, which turned out to be matching words in each instance.
Each example amounted to either solely the worker’s last name or a combination of their surname and their first initial, which made them fairly easy to guess anyway, Mr Krebs added.
Watch your favorite programs, documentaries, informative packages and latest NEWS(English and Urdu).
Watch Humsub tv Live Streaming here: Humsub.tv
Read Latest Articles and News here: Latest Pakistan News