Equifax caught with its password pants down as hack fallout continues
It’s one of the most basic rules of internet security - but embattled credit reporting agency Equifax has been caught red-faced using ‘admin’ as both its login and password.
The company is under continued fire in the US after revealing up to 143 million Americans may have had sensitive personal and social security details compromised in a massive hack.
Now, cyber-security blogger Brian Krebs has revealed the company’s Argentinian operation was using the default ‘admin’ and ‘admin’ combination as a username and password to access its employee interface in the country.
Equifax says it closed the vulnerability as soon as it learned of it.
“We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cyber-security event that occurred in the United States last week,” a spokeswoman for the company told the BBC.
The company says it has no evidence at this stage that any consumers have been “negatively affected” by the breach.
Meanwhile in the US, Equifax remains under fire for the massive breach of hundreds of millions of pieces of data, which took the firm six weeks to make public.
In Washington, 36 senators called on Tuesday for a federal investigation into why three executives sold £1.5m of company stock after the company discovered the breach, but before it was made public.
A number of law firms and legal advice organisations were also encouraging consumers to join class action lawsuits against the company, or start their own legal action in local small claims courts.
Equifax shares closed down 14.59% in New York on Wednesday, having lost 30.09% in the last five sessions.
The scandal has had wider implications for the US credit reporting industry too, with Experian down 2.14% in London at 1143 BST, following TransUnion, which fell 8.49% on Wall Street on Wednesday.
Senator Mark Warner, a Democrat representing Virginia, led the political charge of concern over the security of credit reporting agency data, asking the Federal Trade Commission to investigate whether the three firms have “adequate” cyber-security in place.
Warner’s letter was “one of several examples of the heightened political and legal activity surrounding this controversy,” noted analysts at Barclays in a Thursday morning note.
Two of the three US credit reporting agencies also operate in the UK - Equifax and Experian.
The third main UK agency, Callcredit, is owned by Chicago-based private equity giant GTCR.