Home / Security Watch / Report: Equifax Argentina Portal Was ‘Wide Open’

Report: Equifax Argentina Portal Was ‘Wide Open’

The fallout from the Equifax breach is widening.

SecurityWatchAs you may be well aware by now, Equifax last week disclosed a breach impacting approximately 143 million US consumers as well as some UK and Canadian residents. Now, researchers have discovered that the personal information of thousands of Argentinians may be at risk too due to lax Equifax security practices.

Brian Krebs, a security researcher and author of the KrebsOnSecurity blog, this week revealed that he was recently contacted by researchers at Milwaukee-based information security firm Hold Security who discovered a portal used by Equifax employees in Argentina that was practically "wide open" for anyone to access.

The portal, which let Equifax employees in the Latin American country manage customer credit report disputes, was "protected by perhaps the most easy-to-guess password combination ever: 'admin/admin,'" Krebs wrote. It doesn't take a security expert to know that's a bad idea.

"Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address," Krebs wrote.

Worse yet: They also discovered "715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports," Krebs wrote. Those pages contained more than 14,000 unencrypted personal records, including DNIs — Argentina's version of Social Security numbers.

Related

Krebs contacted Equifax about the issue, and the company quickly took the portal offline and launched an investigation.

The revelation comes after Equifax last week revealed that criminals "exploited a US website application vulnerability" to gain access to credit card numbers, dispute documents with personal identifying information, names, Social Security numbers, birth dates, addresses, and some driver's license numbers. Equifax is offering to affected parties free credit file monitoring and identity theft protection.

For more, check out PCMag's roundup of the Best Password Managers, as well as Two-Factor Authentication: Who Has It and How to Set It Up.

Read more

Check Also

Samsung Vice Chairman Jay Y. Lee Released from Jail

He is now a free man after a panel of judges ruled to suspend his sentence.

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.