10-21-2019, 05:02 PM
|
#1 (permalink)
|
Not Doug
Join Date: Jun 2012
Location: Show Low, AZ
Posts: 12,241
Thanks: 7,254
Thanked 2,234 Times in 1,724 Posts
|
Equifax Used "admin" as Username and Password for Sensitive Data
Quote:
When it comes to using strong username and passwords for administrative purposes let alone customer facing portals, Equifax appears to have dropped the ball. Equifax used the word "admin" as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The ongoing lawsuit, filed after the breach, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. "Equifax employed the username 'admin' and the password 'admin' to protect a portal used to manage credit disputes, a password that 'is a surefire way to get hacked,'" the lawsuit reads. The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website. When Equifax, one of the three largest consumer credit reporting agencies, did encrypt data, the lawsuit alleges, "it left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data." The class-action suit consolidated 373 previous lawsuits into one. Unlike other lawsuits against Equifax, these don't come from wronged consumers, but rather shareholders that allege the company didn't adequately disclose risks or its security practices.
|
Did I just quote the entire article?!
It is one paragraph!
https://tech.slashdot.org/story/19/1...e-data-lawsuit
__________________
"Oh if you use math, reason, and logic you will be hated."--OilPan4
|
|
|