Advertisement

Equifax had 'admin' as login and password in Argentina

From BBC - September 13, 2017

The credit report provider Equifax has been accused of a fresh data security breach, this time affecting its Argentine operations.

Cyber-crime blogger Brian Krebs said that an online employee tool used in the country could be accessed by typing "admin" as both a login and password.

He added that this gave access to records that included thousands of customers' national identity numbers.

Last week, the firm revealed a separate attack affecting millions in the US.

After being notified of the latest breach, Equifax temporarily shut the affected website.

"We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cyber-security event that occurred in the United States last week," an Equifax spokeswoman told the BBC.

"We immediately acted to remediate the situation, which affected a limited amount of information strictly related to Equifax employees.

"We have no evidence at this time that any consumers or customers have been negatively affected, and we will continue to test and improve all security measures in the region."

The discovery came less than a week after Equifax revealed that a separate breach meant about 143 million US consumers and an undisclosed number of British and Canadian residents might have had personal details exposed.

The firm took six weeks to make the discovery public after first learning of a problem.

On Tuesday, 36 US senators called for a federal investigation into how three company executives came to sell nearly $2m (1.5m) worth of shares in the company in the interim.

Equifax is also facing dozens of legal claims over the matter.

Mr Krebs wrote that the Argentine matter involved Equifax's local business Veraz.

Specifically, a web application - referred to as Ayuda, the Spanish for "help" - appears to have been weakly guarded.

'Extraordinary'

Advertisement

Continue reading at BBC »