In case last week’s news of 143 million Equifax customers’ personal information — including birth dates, addresses, names, driver’s license numbers, and Social Security numbers — being potentially breached wasn’t enough to make you wary of the credit-reporting firm’s security, this might do the trick. According to a report from CNET, the username and password to access an Equifax employee portal in Argentina were both “admin.” Which any third-grader will tell you is right up there with “password,” “QWERTY,” and “1234567” on the list of truly terrible passwords.
The portal was used for “submitting credit disputes” and has since been shut down. Brian Krebs, of Krebs on Security, first pointed out the issue, CNET reports. If someone had logged into the account using the admin login, they would have been able to easily access thousands of unencrypted credit complaints. Fortunately, Equifax says they have “no evidence” this occurred.
From Equifax, via CNET:
We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week. We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions. We have no evidence at this time that any consumers, customers, or information in our commercial and credit databases were negatively affected, and we will continue to test and improve all security measures in the region.
Of course, prior to last week, hundreds of millions of people in the United States thought their information was safe too.