You'll never guess what Equifax used as a password (because it's way worse than you think)

D'oh.
By Monica Chin

Close-up of the upper corner of a consumer credit report from the credit bureau Equifax, with text reading Credit File and Personal Identification, on a light wooden surface, September 11, 2017. In September of 2017, a data breach at Equifax exposed the personal information of thousands of customers. (Photo via Smith Collection/Gado/Getty Images). Credit: Getty Images

Oh, Equifax. Things just keep getting worse.

Equifax protected some accounts connected to an internal portal in Argentina with the password "admin," in a move that was either incredibly amateur or hubristic (or both).

The screwup was discovered by Milwaukee-based cybersecurity firm Hold Security, which was able to gain access to a number of people's personal data using, according to CNBC, "guesswork."

This horrible password, which deserves a huge facepalm, played no part in the security breach that impacted 143 million Americans. Still, Hold Security was able to access the Argentinean equivalent of social security numbers for about 100 employees and consumer credit report disputes. Once the company portal was accessed, a user could fiddle with employee data, and even sneak around to steal employees' usernames and passwords, according to security researcher and blogger Brian Krebs, whose call to Equifax about the issue led to the portal being taken down. Hold Security reached out to Krebs following the discovery.

In a statement, an Equifax representative claimed that nobody's private data was compromised due to the lame password. "We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions," the spokesperson wrote. "What I can tell you is that we fixed the vulnerability immediately upon learning of it, and that this internet portal hasn't been in use since 2013."

Equifax is currently facing multiple investigations over this month's massive security breach, including one from the Federal Trade Commission.

In an age when even the Weight Watchers website requires you to include a number in your password, a credit reporting agency containing private data should probably give that a thought.

Let's hope no one at Equifax ever uses "password."

Monica Chin

Monica wrote for Mashable's Tech section with a focus on retail, internet of things, and the intersections of technology and social justice. She holds a degree in creative writing from Brown University, and has previously written for Dow Jones Media, the New York Post, Yahoo Finance, and others. In her free time, she can be found attempting to cook Asian food, buying board games, and looking for new hobbies.
