Slashdot Mirror


Equifax Had 'Admin' as Login and Password in Argentina (bbc.com)

Reader wired_parrot writes: The credit report provider Equifax has been accused of a fresh data security breach, this time affecting its Argentine operations. The breach was revealed after security researchers discovered that an online employee tool used by Equifax Argentina was accessible using the "admin/admin" password combination.

123 comments

  1. MAGA by Anonymous Coward · · Score: 3, Funny

    Make Admin Great Again

    At this point, Equifux is circling the drain. Time for those insiders to cash out.

    1. Re:MAGA by Anonymous Coward · · Score: 5, Insightful

      Some of them conveniently sold their stock the day before the big announcement... but of course they had no idea about the breach.

    2. Re:MAGA by crashumbc · · Score: 0

      How is this marked a troll? It's a perfect representation of the US

    3. Re:MAGA by The123king · · Score: 1

      Yeh, they're fucked. I've been watching their stock price tumble over the last few days. Maybe by the end of the week I'll be able to buy the remnants of the company with the change I have in my back pocket.

      --
      If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
    4. Re:MAGA by MoarSauce123 · · Score: 1

      This is what I thought about TJX back then as well. Equifux will have a bad quarter and after that it is business as usual. As security measure they will change the password on Admin accounts to either "God" or "Password123".

    5. Re:MAGA by pnutjam · · Score: 1

      no love for nimda?

  2. Are you shitting me ? by Ziest · · Score: 1

    What kind of moron working at a credit reporting agency fails to change the DEFAULT login and password? I hope that clown got fired.

    --
    Another day closer to redwood heaven
    1. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      I agree. I mostly work at small companies with a few employees and sales in millions not billions. The first thing I do is put better password policies in place.

    2. Re:Are you shitting me ? by DontBeAMoran · · Score: 4, Funny

      username: clown
      password: fired

      Added to my list of test logins/passwords.

      --
      #DeleteFacebook
    3. Re:Are you shitting me ? by wired_parrot · · Score: 5, Informative

      It gets worse. From the article:

      Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address. (...) However, all one needed to do in order to view said password was to right-click on the employee’s profile page and select “view source,” a function that displays the raw HTML code which makes up the Web site. Buried in that HTML code was the employee’s password in plain text.

      A review of those accounts shows all employee passwords were the same as each user’s username. Worse still, each employee’s username appears to be nothing more than their last name, or a combination of their first initial and last name

      But wait, it gets worse. From the main page of the Equifax.com.ar employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports. The site also lists each person’s DNI — the Argentinian equivalent of the Social Security number — again, in plain text. All told, this section of the employee portal included more than 14,000 such records.

    4. Re:Are you shitting me ? by Anonymous Coward · · Score: 1

      So your default passwords now are correcthorsebatterystaple?

      https://xkcd.com/936/

    5. Re:Are you shitting me ? by chispito · · Score: 2

      What kind of moron working at a credit reporting agency fails to change the DEFAULT login and password? I hope that clown got fired.

      You must not get out much. The answer is "all kinds."

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    6. Re:Are you shitting me ? by rogoshen1 · · Score: 2

      tyler durden might have been right.

    7. Re:Are you shitting me ? by supremebob · · Score: 1

      They shouldn't just fire the admin, but the admin's boss for not having proper security audit procedures in place.

      If they actually had an auditor for that branch, maybe they should fire them as well for not doing a basic password audit on admin accounts.

    8. Re:Are you shitting me ? by Revek · · Score: 3, Interesting

      Shouldn't you be arrested for this level of breach? If you worked at a bank and it was robbed because the security guard always left a door unlocked that would be considered criminal.

    9. Re:Are you shitting me ? by DivineKnight · · Score: 3, Insightful

      Nonsense. We have the Cloud now, so it's totally cool to use default or easily guessable passwords.

    10. Re:Are you shitting me ? by Mr+D+from+63 · · Score: 2

      Shouldn't you be arrested for this level of breach? If you worked at a bank and it was robbed because the security guard always left a door unlocked that would be considered criminal.

      I'd at least cut their bonuses in half.

    11. Re:Are you shitting me ? by ArylAkamov · · Score: 1

      I refuse to believe in this timeline. This is a special abstract kind of hell. How much do you think the people that came up with this system were paid?

    12. Re:Are you shitting me ? by cayenne8 · · Score: 1

      So your default passwords now are correcthorsebatterystaple?

      Nah....I just usually use the same passcode as I do for my luggage.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    13. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      That takes some epic doing, and has to be deliberate. I don't see how a "debug mode" or an accident can get passwords located in the code like that, no matter how horri-bad a dev is.

      Of course, I won't be surprised to see Equifax say, "hackers always win, why even bother to try to defend against them" as a defense. This has worked 100% with other companies.

    14. Re:Are you shitting me ? by ctilsie242 · · Score: 1

      Physical security and electronic security are two different fronts. With physical security, if a security guard left a guard unlocked, there is physical evidence. With electronic security, all a company has to say is something along the lines of "hackers will win no matter what, so why bother?" and they will get off with, at best, a stern talking-to.

      The past shows this to be true. Ever see a large company actually suffer because of a security breach? Definitely not, especially after they do the PR gambits and demand people sign their life away in return for a few attoseconds of credit monitoring service.

    15. Re:Are you shitting me ? by Anonymous Coward · · Score: 5, Informative

      Argentinian here, I feel there's the need to clarify something: The DNI* thing is a red herring - in Argentina the number is like your name; using the DNI number as an enforced password is considered idiotic by normal people's standards.

      * Documento Nacional de Identidad, literally "national identity document" - it's used to refer to the document itself (it used to be a small book like a passport, nowadays it's an ID card) and the unique numeric identifier associated with the person itself

    16. Re:Are you shitting me ? by Anonymous Coward · · Score: 1

      I agree. I mostly work at small companies with a few employees and sales in millions not billions. The first thing I do is put better password policies in place.

      I once worked with a company that had taken on agile a bit too far. Everything (and I mean every single bit change) had to go through adding a user story to a backlog, then stay there until biweekly sprint planning where it would be estimated according to tshirt size and presented to the product owner which then decided if it should be added to the upcoming sprint, moved back or tossed completely. At one point I had a story about replacing default passwords shot down with the reasoning that it simply did not provide any business value and that we should focus on user-facing features.

      They are no longer in business.

    17. Re:Are you shitting me ? by Billly+Gates · · Score: 1

      Nope. It says in the contract with Tata India they can't fire. But hey, they saved money in the sound of mere thousands and helped raise the share price by outsourcing their IT

    18. Re:Are you shitting me ? by zifn4b · · Score: 1

      username: outsourced_clown
      password: fired

      Added to my list of test logins/passwords.

      FTFY

      --
      We'll make great pets
    19. Re:Are you shitting me ? by Christinagirl1 · · Score: 2

      A friend of mine just brought up that we should just sell our own information now! LOL, we would be up $20 that way!

    20. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      I'd at least cut their bonuses in half.

      I first read that as "cut their bones in half" which seemed like a gruesomely specific overreaction.

    21. Re:Are you shitting me ? by Anonymous Coward · · Score: 1

      I secure my luggage with a good key-ring, it is more difficult to open than most of the small padlocks.

    22. Re:Are you shitting me ? by Anonymous Coward · · Score: 1

      A friend of mine just brought up that we should just sell our own information now! LOL, we would be up $20 that way!

      It's only valuable to the extent that it can be used to manipulate your life. Selling it yourself would make it worth far less than even $20.

    23. Re: Are you shitting me ? by Anonymous Coward · · Score: 0

      The American system is supposed to be that way too, it's just that everyone is using it wrong anyways.

    24. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      Their CSO is a liberal arts major ... music composition or something like that. Sounds like complete lack of technical knowledge is a prerequisite to run things over there.

    25. Re:Are you shitting me ? by burtosis · · Score: 2, Insightful

      I refuse to believe in this timeline. This is a special abstract kind of hell. How much do you think the people that came up with this system were paid?

      You are right to disbelieve. The world actually ended in 2012, just like the Mayan prophecy said. We have been living in a post apocalyptic nightmare inside the minds of the old ones ever since.

    26. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      except your luggage is still secured with a zipper, which is easily breached with a pointy object, such as a pen.

    27. Re:Are you shitting me ? by Mr.+Shotgun · · Score: 3, Interesting

      I don't see how a "debug mode" or an accident can get passwords located in the code like that, no matter how horri-bad a dev is.

      Oh I can see it, some horri-bad dev writes a "Select * from users" because that is the only SQL he knows and then finds a bunch of extra fields in his response. And rather than asking someone or googling about selecting fields he then marks all the rest of the fields as hidden. Out of sight, out of mind. Only master haxxor ninjas know how to right click a page and select view source.

      --
      Of all tyrannies, a tyranny sincerely exercised for the (supposed) good of its victims may be the most oppressive
    28. Re:Are you shitting me ? by CaptainDork · · Score: 1

      No.

      Fire the motherfucker who hired that bastard (or bitch, as may apply).

      --
      It little behooves the best of us to comment on the rest of us.
    29. Re:Are you shitting me ? by crashumbc · · Score: 1

      While true, it's at least generally VERY difficult to hide that you've ripped a zipper open...

    30. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      We'll release you when we're damn well ready.

    31. Re: Are you shitting me ? by Anonymous Coward · · Score: 0

      DNIs are public here, and citizens' credit information is shared with anyone with enough bucks to pay for the access. The source of that data is, obviously, leaked from the government.

    32. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      While true, it's at least generally VERY difficult to hide that you've ripped a zipper open...

      You're kidding right? You do realize that you can run the zipper all the way to one side, unzip it with a pen, riffle through the luggage, then run the zipper back closed again?

      That's anything but VERY difficult.

    33. Re:Are you shitting me ? by dstyle5 · · Score: 1

      One... two... three... four... five?

    34. Re:Are you shitting me ? by CaptainDork · · Score: 1

      2012 is close, but no.

      When email first hit small business, ca. 1995, I was working at a law firm.

      At a meeting, management directed me to stop all unsolicited emails from entering the building.

      I explained what spam was, and told them to sue for lack of productivity or something because, fuck it, they were a bunch of goddam lawyers.

      We revisited that shit for the next 20 years, off and on.

      --

      The "end" started when litigation never happened.

      --
      It little behooves the best of us to comment on the rest of us.
    35. Re:Are you shitting me ? by Anonymous Coward · · Score: 1

      No, Dinugs. If you can't move the clasp because it's been immobilized, remember? That's why you used a pen in the first place.

    36. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      using the DNI number as an enforced password is considered idiotic by normal people's standards

      SSN in America is similarly an identifying number, that doesn't stop American idiots designing websites to use it as a password or a "security question" to reset password though.

    37. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      I secure my luggage with a good key-ring, it is more difficult to open than most of the small padlocks.

      I secure mine with a good cockring, and nobody ever dare touch it.

    38. Re: Are you shitting me ? by nitehawk214 · · Score: 1

      Well, he is an idiot.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    39. Re: Are you shitting me ? by nitehawk214 · · Score: 1

      It's idiotic and often illegal to use SSN that way in the US. Doesn't stop companies from doing it.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    40. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      I'd at least cut their bonuses in half.

      I first read that as "cut their bones in half" which seemed like a gruesomely specific overreaction.

      I read that as "cut their boners in half". Good punishment for that group of dicks.

    41. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      Argentinean DNI is not at all equivalent to the American social security number. It's just a government id number which is public and can be looked up in public and online databases. There is nothing risky about giving your DNI to anyone.

    42. Re: Are you shitting me ? by Anonymous Coward · · Score: 0

      As a result of your negative comments, our Equifax algorithm has downgraded your credit rating. Your comments indicate instability.

    43. Re: Are you shitting me ? by Anonymous Coward · · Score: 0

      What? admin/admin is a bad password! Come on! No one will ever guess it. Just like the password on my luggage 12345.
      http://2.bp.blogspot.com/-jAhnuIQmQdQ/VMAM1hvFwPI/AAAAAAAABV8/l3lE-_xqXCM/s1600/Spaceballs-12345.jpg

    44. Re: Are you shitting me ? by KGIII · · Score: 1

      You have obviously never used any software that I wrote.

      I have formally apologized.

      --
      "So long and thanks for all the fish."
    45. Re:Are you shitting me ? by lien_meat · · Score: 1

      Oh I can see it, some horri-bad dev write a "Select * from users...

      If they had hashed, or even encrypted the passwords in the db, then at least they'd not be plain text in the source if they did a "SELECT *...". But no, this was likely shoddy at the very base levels, all the way up into the front end. I shudder to think about it. The full stack was garbage for this to happen.
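The "SELECT *, then hide the extra fields" pattern from the two comments above, set beside an explicit column list over a table that stores only a salted hash. This is an added example, not code from the thread or from the portal itself; the schema, names, sample rows and work factor are all constructed.

```python
import hashlib
import hmac
import html
import os
import sqlite3

PBKDF2_ROUNDS = 600_000                     # example work factor (assumption)
SAMPLE_PASSWORD = "Constructed-Sample-Pw-1"  # constructed value, not real data
SAMPLE_USERS = [                             # constructed rows
    ("jperez", "Juan Perez", "jperez@example.invalid", SAMPLE_PASSWORD),
]
PROFILE_COLUMNS = ("full_name", "email")     # the only fields a profile page needs


def hash_password(password, salt):
    """Salted, slow hash; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def build_db():
    """In-memory database with a legacy (plaintext) and a hardened (hashed) table."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE users_legacy (id INTEGER PRIMARY KEY, username TEXT,"
               " full_name TEXT, email TEXT, password TEXT)")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,"
               " full_name TEXT, email TEXT, pw_salt BLOB, pw_hash BLOB)")
    for username, full_name, email, password in SAMPLE_USERS:
        db.execute("INSERT INTO users_legacy (username, full_name, email, password)"
                   " VALUES (?, ?, ?, ?)", (username, full_name, email, password))
        salt = os.urandom(16)
        db.execute("INSERT INTO users (username, full_name, email, pw_salt, pw_hash)"
                   " VALUES (?, ?, ?, ?, ?)",
                   (username, full_name, email, salt, hash_password(password, salt)))
    return db


def render_profile_leaky(db, username):
    """Anti-pattern: fetch every column, then 'hide' the unwanted ones in markup."""
    row = db.execute("SELECT * FROM users_legacy WHERE username = ?",
                     (username,)).fetchone()
    parts = []
    for col in row.keys():
        value = html.escape(str(row[col]), quote=True)
        if col in PROFILE_COLUMNS:
            parts.append(f"<p>{col}: {value}</p>")
        else:
            # Invisible in the browser, fully present in the page source.
            parts.append(f'<input type="hidden" name="{col}" value="{value}">')
    return "\n".join(parts)


def render_profile_safe(db, username):
    """Select only allowlisted columns; credential columns never reach the template."""
    cols = ", ".join(PROFILE_COLUMNS)  # fixed constant, never user input
    row = db.execute(f"SELECT {cols} FROM users WHERE username = ?",
                     (username,)).fetchone()
    return "\n".join(f"<p>{c}: {html.escape(str(row[c]))}</p>" for c in PROFILE_COLUMNS)


def verify_password(db, username, candidate):
    """Login check against the stored salt and hash, compared in constant time."""
    row = db.execute("SELECT pw_salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_password(candidate, row["pw_salt"]), row["pw_hash"])


def secrets_in_page(page, secrets):
    """Regression check: return the secret values that appear in rendered markup."""
    return [s for s in secrets if s and html.escape(s, quote=True) in page]


if __name__ == "__main__":
    db = build_db()
    for name, render in (("leaky", render_profile_leaky), ("safe", render_profile_safe)):
        page = render(db, "jperez")
        print(name, "leaks:", secrets_in_page(page, [SAMPLE_PASSWORD]))
```

A check like `secrets_in_page` can run in a test suite against every rendered template, so a later `SELECT *` that pulls a credential column into a page fails the build.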

    46. Re: Are you shitting me ? by Anonymous Coward · · Score: 0

      It's your fault for having an identity. If you didn't have an identity, it wouldn't have been stolen in the first place. Shame on you for trying to shift the blame onto the honest, hardworking, poorly compensated executives at this admirable company.

    47. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      It's only valuable to the extent that it can be used to manipulate your life. Selling it yourself would make it worth far less than even $20.

      Really? - I don't think there would be much difference to the recipient of that data just because you've cut out the middle man.

      Besides, I'm sure we could find someone willing to fork out £1200 a month, I'd write essays on my daily activities for that! - Abridged version sells for £650 a month

    48. Re:Are you shitting me ? by MoarSauce123 · · Score: 1

      I hope that clown gets a reprimand and the C-level manager in charge of security gets fired. You need to kick out the big heads, not the grossly underpaid and grossly overworked peons in IT.

    49. Re:Are you shitting me ? by LordWabbit2 · · Score: 1

      Well in my country we have regulations governing the storage of sensitive data, even before you can start storing it the software has to be certified that it meets (or exceeds) the given criteria for the type of data you want to store. Banking details are right up there next to top level security as far as the regulations are concerned. Worked on sports betting software and was handed the compliance document and told to go through it and make the software compliant wherever it was missing stuff. This was BEFORE we even tried to get it certified of course, so to stress test it while we waited for them to get around to certifying it (took a year, and a LOT of money) they sent a team to Zimbabwe and they ran it there, since Zimbabwe's got fuck all regulations (or if they do it's not enforced).

      To me this should be SOP for all software storing sensitive information.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    50. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      I secure my luggage with a good key-ring, it is more difficult to open than most of the small padlocks.

      I secure mine with a good cockring, and nobody ever dare touch it.

      That is probably more a stroke of luck than anything else

    51. Re:Are you shitting me ? by Anonymous Coward · · Score: 0

      That, that is sadly a bit comforting.

    52. Re:Are you shitting me ? by ctilsie242 · · Score: 1

      My question is... are the regulations enforced? Sarbanes-Oxley comes to mind of regulations that sounded good, but the only time it really got enforced on a public basis, was when someone went over their catch limit fishing.

      I wouldn't mind seeing consistency with regs across nations, and some merging of standards (HIPAA, CJIS, FERPA, FISMA, FedRAMP, PCI-DSS 3.2.) Of course, some things can't overlap, but most of the stuff can. Have the certification be done by a fair third party, like a UL listing, but for security.

    53. Re: Are you shitting me ? by Anonymous Coward · · Score: 0

      Excuse me, I have to go change the code on my luggage.

    54. Re:Are you shitting me ? by Revek · · Score: 1

      Having a username and password of admin/admin is the equivalent of leaving the door unlocked. It's in TFA.

  3. Negligence does not get more gross by gweihir · · Score: 3, Insightful

    This needs to be treated and punished the same as intent.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Negligence does not get more gross by DivineKnight · · Score: 4, Funny

      Kind of an Oprah moment: "You get a pink slip, and you get a pink slip, everybody gets a pink slip!"

  4. At least it wasn't 12345. by Anonymous Coward · · Score: 0

    That's the combination I have on my luggage!

  5. Oops? by thegreatbob · · Score: 1

    Yep, oops.

    --
    There is no XUL, only WebExtensions...
  6. Jesus F*ing Christ! by bjwest · · Score: 1

    If this turns out to be true, everyone from the CTO to the entire board of directors needs to go to prison for a very long time and their entire net worth distributed to the people affected by this. I'm not talking country club prison here either, I'm talking real prison where poor criminals go. And no class action where the lawyers get it all, but an outright equal distribution to everyone affected. Then the class action can come in and take the rest of the company's assets and pass out the $5 gift cards and the millions to the lawyers.

    --

    --- Keep the choice with the user..
    1. Re:Jesus F*ing Christ! by Chewbacon · · Score: 1

      But they won't. They'll get a $300 fine when adjusted to the average individual's income. Cost of doing business! Let's fuck over some more people!

      --
      Chewbacon
      The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
    2. Re:Jesus F*ing Christ! by Anonymous Coward · · Score: 0

      I had nothing to do with this, however it looks like I will have to die for your sins again, as the last time just got all used up.

      -Jesus Christ

    3. Re:Jesus F*ing Christ! by Christinagirl1 · · Score: 1

      Agreed! But sadly, this is a common theme. Just look at shodan. What a f*ing mess. The majority of companies don't care. They figure they can mitigate the risk. You know, if it costs 1mill to manage and they would only be sued for 100k if caught within a 1 year period ...it's acceptable. I think EVERY SINGLE American should freeze their credit and file a suit against them.

    4. Re:Jesus F*ing Christ! by Anonymous Coward · · Score: 0

      Nice fantasy you've got there.

    5. Re: Jesus F*ing Christ! by nitehawk214 · · Score: 1

      And any fine they do get will get passed on to the public in order to preserve the executives' bonuses.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    6. Re: Jesus F*ing Christ! by david_thornley · · Score: 1

      Companies can't pass atypical costs onto the public. If the company could get more out of the public, it already would have. The costs get pushed back to the stockholders.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  7. Amazing! by computational+super · · Score: 2

    That's the same combination I have on my luggage!

    --
    Proud neuron in the Slashdot hivemind since 2002.
    1. Re:Amazing! by Anonymous Coward · · Score: 0

      I just tested this on my home router, and it had the exact same user/password combination.

    2. Re:Amazing! by computational+super · · Score: 1

      I tested it on your home router, too. Confirmed.

      --
      Proud neuron in the Slashdot hivemind since 2002.
  8. Sheer incompetence ... by Anonymous Coward · · Score: 1

    an online employee tool used by Equifax Argentina was accessible using the "admin/admin" password combination

    If this is the kind of internal stuff they have, they have no fucking business holding other people's data.

    This is about as incompetent as you can get. Like epic incompetence. You're fired kind of incompetence. You should never have another fucking job in the industry kind of incompetence.

    It will be hard to shield themselves from liability with that level of stupid.

    1. Re:Sheer incompetence ... by Anonymous Coward · · Score: 0

      It is kinda funny that this happens in 2 countries that refuse to hold companies liable (actual fines that matter, actual prison time for the criminals) or even put regulations in place to protect people from this abuse... It will not stop until that changes, and even then it is still gonna be a hard battle; after all, you are up against the mighty buck and people without ethics or morals.

  9. more than one moron by gosand · · Score: 1

    I don't think you can single out one person, it seems as if there would be plenty of people to blame for not changing it.

    --

    My beliefs do not require that you agree with them.

    1. Re:more than one moron by drinkypoo · · Score: 1

      I don't think you can single out one person, it seems as if there would be plenty of people to blame for not changing it.

      And you can reasonably punish all of them.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:more than one moron by OrangeTide · · Score: 1

      Indeed, if it is a systematic problem then there is even more reason to take action to correct it.

      --
      “Common sense is not so common.” — Voltaire
    3. Re:more than one moron by angel'o'sphere · · Score: 5, Insightful

      Why does equipment even have a default user/password?
      It simply should not function until you have changed/set it.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    4. Re:more than one moron by mschwanke97402 · · Score: 1

      Why does equipment even have a default user/password? It simply should not function until you have changed/set it.

      That is actually true of a few modern devices. Unfortunately many of these device makers buy off-the-shelf firmware to plug in to their gadgets. Perhaps a regulation or two?

    5. Re:more than one moron by mcrbids · · Score: 2

      Personally, I'm a fan of having a default password be something intrinsic and unique to that specific device, such as a wifi router with the default password being both fairly strong and printed on the bottom.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    6. Re:more than one moron by angel'o'sphere · · Score: 1

      Yes that makes sense.
      Fixed enough wifis where no one really knew why it did not work and what the password was. Luckily they never changed the "built-in" password, printed on the bottom.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  10. Argentina you say? by Anonymous Coward · · Score: 0

    Well it's at least better than a/a and b/b...

    Those in the know will get a giggle about that one. :p

    1. Re:Argentina you say? by morethanapapercert · · Score: 1

      We slashdotters like being in the know, so how about sharing the reference? We could all use a good giggle...

      --
      I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
  11. wow.. by bravecanadian · · Score: 3, Insightful

    I mean we all know there is no such thing as 100% safe in information security but this is not even trying..

    1. Re:wow.. by Anonymous Coward · · Score: 0

      This is -100% safe!

  12. Second try by canuck57 · · Score: 2

    Second try, I guess Admin/password didn't work.

    1. Re:Second try by Anonymous Coward · · Score: 0

      And all this time, I was trying with password/password. Damn.

  13. It's supposed to be by Anonymous Coward · · Score: 0

    admin/password!

  14. mah brane hertz by Mike+Van+Pelt · · Score: 1

    oooooowwwww

  15. Anyone want to place bets..... by 8127972 · · Score: 2

    ...... On the original hack being caused by something as stupid as this?

    --
    This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
    1. Re:Anyone want to place bets..... by Xyrus · · Score: 3, Interesting

      On the bright side Equifax's stock price is plummeting faster than a metric based Mars probe.

      I hope they go bankrupt and every corporate board member spends the rest of their lives fighting identity theft. They deserve no less, since now I have to spend the rest of my fucking life fighting identity theft thanks to these assholes.

      --
      ~X~
  16. Damned open source! by Anonymous Coward · · Score: 0

    When will industry learn!

  17. Diversity hiring by Anonymous Coward · · Score: 0

    Equifax's head of security was an obvious diversity hire. Thank SJWs for your identity being stolen.

  18. It's those open sores by Anonymous Coward · · Score: 0

    They keep oozing out L/Ps

  19. laughed out loud! by Christinagirl1 · · Score: 2

    I just laughed out loud! Let me guess, all of their routers are admin G3t0ut.

  20. It's not a problem by Anonymous Coward · · Score: 0

    There's no money in Argentina anyways.

  21. Do we know if they outsourced their IT by Anonymous Coward · · Score: 0

    to some shitty Indian company or not?

    1. Re:Do we know if they outsourced their IT by Anonymous Coward · · Score: 0

      https://www.glassdoor.com/Reviews/NettPositive-Reviews-E474656.htm

      Nah they just buy shitty Indian companies instead lol

    2. Re:Do we know if they outsourced their IT by guruevi · · Score: 1

      Equifax Inc. has requested 96 H1B visas over the last 5 years all for $90k salary jobs (job market average there is ~$125k) for their Atlanta, GA offices.

      In 2010 they outsourced their call centers overseas and 100 H1B's in the IT for a company of only 9500 employees means, yes, their entire IT department has been outsourced.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  22. Holy crap by XSportSeeker · · Score: 1

    Steve Gibson will have a field day with this one... I wonder how many more eggredious displays of a total lack of security practices it'll take to entirely close the thing down.

    1. Re:Holy crap by Anonymous Coward · · Score: 0

      Do red eggs go with purple ham or something?

  23. I want to work at Equifax! by intnsred · · Score: 2

    Really, I do want to work there!

    I'll be a bloody genius there -- hell, even I know enough to change the login combo to "admin/equfax" -- and they'll pay me well for such brilliant security insights.

    Oh, but wait.

    Now that people -- and even chat-bots -- are suing them blind over this mindless security breach, I'm thinking that maybe there won't be a company left when they're through.

    1. Re:I want to work at Equifax! by sysrammer · · Score: 1

      I see what you did there! You purposely misspelled "equifax" for the password. Brillant!

      --
      His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
    2. Re: I want to work at Equifax! by nitehawk214 · · Score: 1

      If you can pretend to know what you are doing, you would make an excellent fall guy.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  24. Ugly is skin deep... by Sqreater · · Score: 1

    ...but stupid goes right to the bone.

    --
    E Proelio Veritas.
  25. Whiplash, from first to worst by SuperKendall · · Score: 1

    At first I thought, man that is TOO secure, keeping the admin password only in Argentina.

    Then I understood what the headline was trying to say...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  26. Is this any by Anonymous Coward · · Score: 0
  27. Memory aid by trevc · · Score: 1

    How else are they supposed to remember the password?

  28. When you have an anti-tech music major... by Anonymous Coward · · Score: 0

    as your chief security officer, what else do you expect? My old program manager at Microsoft had a psychology degree, so he was just terrible. He also fought for years against using email. Of course when you have people that either don't understand or don't like technology in charge, you're just going to get what you expect.

  29. How is there no Hitler reaction video to all by Kogun · · Score: 3, Interesting

    this dumbfuckery? Get on it people!

    1. Re:How is there no Hitler reaction video to all by Slayer · · Score: 1

      The downfall meme is typically used for outrageous things. The whole Equifax story has gone down to such a level of ridiculousness, that it would rather call for the Risitas meme ...

  30. I can tell you exactly how this happens by Anonymous Coward · · Score: 0

    It's simple really. The reason is that nobody in the organization is actually responsible for it. You can't really point the finger at any one person and say, "You didn't make this thing happen" because there is nobody in that office whose job description (if they even really have one) actually says they are responsible.
    I've worked for places like this. When the managers are all clueless and the employees all underpaid, things that should obviously get done, just don't. If the bosses don't know, and the workers don't care, it's a recipe for disaster.
    Unfortunately, I'd say that mismanagement is pretty much the standard in most businesses, but the degree to which they are mismanaged varies.

  31. Equifucked by Anonymous Coward · · Score: 0

    And they are entrusted with your financial information. Fucking Idiots!

  32. what software permits this? by Anonymous Coward · · Score: 0

    A review of those accounts shows all employee passwords were the same as each user’s username.

    So the most important question is: what shitty software did Equifax implement that does not have rudimentary password control features?
    Cause there's bound to be plenty more of whatever it is around, and we should shut that shit down FAST !!!!

  33. SEI an investment company for millionaires has the by Anonymous Coward · · Score: 0

    SEI, an investment company in the US, had computers under the security department's control using sysadmin as the password for its security monitoring computers. When the head of security was confronted about this, the person who found it was fired! Companies don't care about security: they make the users change passwords every 60 days and then install software that requires root communication between servers that do not use passwords.

  34. Can't Fix Stupid by Anonymous Coward · · Score: 0

    You can only fire them.

  35. Told you so... by DarthVain · · Score: 1

    *Ahem* I pretty much said as much previously. It's exciting to imagine a cabal of hackers doing things like this, however reality more often than not is just incompetence.

    https://slashdot.org/comments....

  36. You can't fix stupid by mpercy · · Score: 1

    Once again this proves that there is no technological solution to stupid human problems.

    OTOH, a simple rule in the username/password database that prohibits admin/admin and other similar things like root/root could help. But then you'd just have people using their birthday or somesuch.
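One way to write the rule suggested in the comment above, as an added example that is not part of the thread: a check run when a password is set that rejects the cases this discussion keeps returning to (admin/admin, root/root, password equal to or derived from the username or the person's name, "Password123", "nimda"). The default list, length threshold and sample accounts are constructed.

```python
import re
import unicodedata

# Defaults named in this thread; a real deployment would load a much larger
# breached-password list (assumption: not shown here).
KNOWN_DEFAULTS = {"admin", "password", "root", "sysadmin", "god", "12345"}
MIN_LENGTH = 12  # example threshold (assumption)

# Undo common character substitutions before comparing ("passw0rd", "4dmin").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})


def _fold(text):
    """Case-fold and strip accents so 'Pérez' and 'perez' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def _core(password):
    """Base word of a password: folded, trailing digits/symbols dropped, leet undone."""
    stripped = re.sub(r"[\W\d_]+$", "", _fold(password))
    return stripped.translate(LEET)


def password_violations(username, password, full_name=""):
    """Return the list of policy violations; an empty list means acceptable."""
    reasons = []
    raw, core, user = _fold(password), _core(password), _fold(username)

    if len(password) < MIN_LENGTH:
        reasons.append("too_short")

    # Known default, a decorated variant of one, or one spelled backwards.
    if raw in KNOWN_DEFAULTS or core in KNOWN_DEFAULTS or core[::-1] in KNOWN_DEFAULTS:
        reasons.append("known_default")

    # Same as the username, the username reversed, or the username plus padding.
    if user and (core == user or core == user[::-1] or user in raw):
        reasons.append("derived_from_username")

    # Usernames built from names make name-based passwords equally guessable.
    name_parts = [p for p in _fold(full_name).split() if len(p) >= 3]
    if any(part in raw for part in name_parts):
        reasons.append("contains_name")

    return reasons


def audit_pairs(accounts):
    """Map each (username, password, full_name) that fails the policy to its reasons."""
    report = {}
    for username, password, full_name in accounts:
        reasons = password_violations(username, password, full_name)
        if reasons:
            report[username] = reasons
    return report


# Constructed sample accounts mirroring the patterns discussed in the thread.
SAMPLE_ACCOUNTS = [
    ("admin", "admin", ""),
    ("jperez", "jperez", "Juan Pérez"),
    ("support", "Password123", ""),
    ("root", "nimda", ""),
    ("mgomez", "correct horse battery staple", "Maria Gomez"),
]

if __name__ == "__main__":
    for user, reasons in audit_pairs(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {', '.join(reasons)}")
```

The rule only knows what the system knows: it cannot see a birthday unless the date of birth is passed in as another field to compare against, which is the limit the comment points out.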

  37. Don't cry for me, Argentina by mpercy · · Score: 1

    The truth is, I never left you
    All through my wild days, my mad existence
    I kept my promise
    Don't keep your distance
    And as for fortune, and as for fame
    I never invited them in