![]() Security researcher Brian Krebs documented the case of an Equifax Argentina employee online portal used to manage customer credit disputes page was secured by only the username/password combination admin/admin even after the massive data breach had already revealed. As of 15 September, the checker still returned different responses for the same user checking multiple times, and checks for the last names “test” and “blahblah” with the social security number “123456” still returned the result “we believe that your personal information may have been impacted by this incident.” The TrustedID Premiere online checker that allows users to determine whether or not they were affected was widely reported to be unreliable, and these problems seem to persist. The Equifax informational breach website has addressed these problems in updates ( 2, 3, 4 ) and worked to correct them. ![]() The credit freeze request link was temporarily unavailable due to “technical issues” related to the high volume of security freeze requests. The PIN generated to enable and disable security freezes was found to be easily predictable, incorporating the date and time of the freeze request. ![]() Technical problems have plagued Equifax in the week since the breach was announced. This particular vulnerability was disclosed and patched by 8 March of 2017, months before the start of the breach on, meaning that this dangerous and widespread data breach was easily preventable. Last week, we reported that the major credit reporting company Equifax announced a massive data breach affecting up to 143 million US customers last week on 7 September, but the developing story over the course of the week has gone from bad to worse.Īfter days of speculation, on 13 September, Equifax revealed the initial attack vector that unknown hackers exploited to enable the breach, a known Apache Struts web-application vulnerability, CVE-2017-5638.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |