Equifax Security Gap was identified by a Developer Months ago

Months prior to its catastrophic data breach, a security researcher alerted Equifax that it was exposed to the kind of attack that later negotiated the personal data of more than 145 million Americans, News has learned. Six months after the researcher first reported the company about the vulnerability, Equifax covered it but only after the large breach that made headlines had already taken place, according to Equifax’s own timeline.

 This disclosure opens the chance that more than one group of hackers broke into the company. And, more importantly, it raises new problems about Equifax’s own security applications, and whether the company took the right cares and heeded warnings of serious vulnerabilities before its disastrous hack.

Late last year, a security researcher began looking into some of the servers and websites that Equifax had on the internet. In just a few hours, after looking the company’s public-facing infrastructure, the researcher couldn’t believe what they had discovered. One particular website provided them to access the personal data of every American, including social protection numbers, full names, birthdates, and city and state of residence, the researcher told News.

The site seemed like a portal made only for workers, but was completely exposed to anyone on the internet. It displayed several search fields, and anyone with no authentication whatsoever could force the site to display the individual data of Equifax’s customers, according to the researcher. The news saw multiple sets of the data they were able to access.

“I didn’t have to do anything fancy,” the researcher told News, explaining that the site was vulnerable to a basic “constrained browsing” bug. The researcher asked anonymity out of professional concerns.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil