Security Blogger reveals that Equifax has username and password as admin

Krebs said that an online employee tool employed in the nation could be entered by typing “admin” as both a login and password.

He continued that this gave admittance to records that involved thousands of customers’ national identity numbers.

Last week, the firm announced a separate attack affecting millions in the US.

After being informed of the latest breach, Equifax momentarily shut the affected website.

“We heard of a potential vulnerability in an inner portal in Argentina which did not in any way connected to the cyber-security incident that happened in the United States last week,” an Equifax spokeswoman told the News.

“We quickly acted to remediate the condition, which affected a limited number of information strictly related to Equifax employees.

“We have no indication at this time that any users have been negatively hit, and we will proceed to test and update all security measures in the region.”

The development came less than a week after Equifax reported that a separate violation meant about 143 million US customers and an undisclosed amount of British and Canadian residents might have had private details exposed.

The firm took six weeks to get the discovery public after first knowledge of a problem.

On Tuesday, 36 US senators called for a federal inquiry into how three company officials came to sell nearly $2m (£1.5m) value of shares in the business in the interim.

Mr. Krebs composed that the Argentine subject involved Equifax’s local business Veraz.

Specifically, a web application related to as Ayuda, the Spanish for “help” seems to have been weakly defended.

“It was wide open, defended by perhaps the most easy-to-guess phrase combination ever: admin/admin,” wrote Mr. Krebs.

The finding was made by the US cyber-security firm Hold Security, which Mr. Krebs advises.

Its researchers examined the portal and within obtained a list of more 100 Argentina-based employees, the blogger disclosed.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients