UPDATED 23:21 EDT / SEPTEMBER 13 2017


It turns out other credit agencies besides Equifax could be hacked too

Other credit reporting agencies were exposed to the same security vulnerabilities exploited in the Equifax Inc. hack as the comedy of errors at the company continues to compound.

News that Experian and AnnualCreditReport.com (an organization set up by Equifax, Experian Information Solutions Inc. and TransUnion LLC) were exposed to the Apache Struts2 vulnerability used in the Equifax hack comes via U.K. security researcher Kevin Beaumont. On his blog, Beaumont wrote that not only were the companies wide open to attack, but that he had also provided details of the vulnerability in March.

It gets even worse. Beaumont noted that XSS.cx, a security reporting site, also logged the Apache Struts2 vulnerability on both Experian and AnnualCreditReport.com around the same time — complete with a Common Vulnerabilities and Exposures reporting number — and informed the companies directly. Put simply, both were told that they were exposed to the vulnerability in March and failed to act on the information.

“All of this raises serious questions,” Beaumont writes. “When were these servers patched? What information was accessed? If consumer information was accessed, have they been notified?”

It’s unknown whether data has been stolen from Experian and AnnualCreditReport.com, but Beaumont’s question is relevant: If the data was there for the taking as it was with Equifax, was it also accessed and stolen?

The news that other credit reporting agencies were exposed to hacking comes on the same day the whole Equifax hacking story keeps on giving: A server used by the company’s Argentinian operation is so badly secured that anyone could obtain access using a default server username and password.

First reported by Brian Krebs, the problem is a server that was found to allow full access to its back end using the username/password combination of “admin/admin.” The data accessible included employee records and up to 14,000 records pertaining to customers who have had dealings with Equifax in the country.

It’s not clear whether any of the data from Equifax Argentina has been stolen. But at the time of its initial hack disclosure, Equifax did say that data had been stolen from customers outside the U.S., including Canada and the U.K., so it’s quite possible Argentina could soon be on that list as well.

Photo: HypnoArt/Pixabay
