Equifax used "admin/admin" as login and pass for an unencrypted server full of your personal data

In 2017, Equifax admitted that it had doxed America by leaking the nonconsensual dossiers it builds on the nation, covering up the info while its key employees sold off their stock, and then repeatedly lying about the scope of the breach.

Some of Equifax's investors have sued the company in a Georgia state court. Among the information revealed in the filings: Equifax used "admin/admin" as the login and password for a key server -- a portal used to manage credit reports.

Additionally, the data stored on Equifax's servers was unencrypted.

Among the first details to emerge from the breach was Equifax was its terrible IT practices, driven in part by a shopping spree in which it acquired dozens of small companies and failed to integrate them into its networks.

“Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes, a password that ‘is a surefire way to get hacked,’” the lawsuit reads.

The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website.

Equifax used 'admin' as username and password for sensitive data: lawsuit [Ethan Wolff-Mann/Yahoo]

(via /.)

from Boing Boing https://ift.tt/31Ar0Kq
via IFTTT

Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment