Equifax used "admin/admin" as login and pass for an unencrypted server full of your personal data

10/22/2019 |  204
  Published by Boing Boing

In 2017, Equifax admitted that it had doxed America by leaking the nonconsensual dossiers it builds on the nation, covering up the info while its key employees sold off their stock, and then repeatedly lying about the scope of the breach.

Some of Equifax's investors have sued the company in a Georgia state court. Among the information revealed in the filings: Equifax used "admin/admin" as the login and password for a key server -- a portal used to manage credit reports.

Additionally, the data stored on Equifax's servers was unencrypted.

Among the first details to emerge from the breach was Equifax was its terrible IT practices, driven in part by a shopping spree in which it acquired dozens of small companies and failed to integrate them into its networks.

“Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes, a password that ‘is a surefire way to get hacked,’” the lawsuit reads.

The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website.

Equifax used 'admin' as username and password for sensitive data: lawsuit [Ethan Wolff-Mann/Yahoo]

(via /.)


View Source
view data