UPDATED 23:21 EDT / SEPTEMBER 13 2017

It turns out other credit agencies besides Equifax could be hacked too

Other credit reporting agencies were exposed to the same security vulnerabilities exploited in the Equifax Inc. hack as the comedy of errors at the company continues to compound.

News that Experian and AnnualCreditReport.com (an organization set up by Equifax, Experian Information Solutions Inc. and TransUnion LLC) were exposed to the Apache Struts2 vulnerability used in the Equifax hack comes via U.K. security researcher Kevin Beaumont. On his blog, Beaumont wrote that the companies were wide open to being attacked and that he had provided details of the vulnerability in March.

It gets even worse. Beaumont noted that XSS.cx, a security reporting site, also logged the Apache Struts2 vulnerability on both Experian and AnnualCreditReport.com around the same time — complete with a Common Vulnerabilities and Exposures reporting number — and informed the companies directly. Put simply, both were told that they were exposed to the vulnerability in March and failed to act on the information.

“All of this raises serious questions,” Beaumont writes. “When were these servers patched? What information was accessed? If consumer information was accessed, have they been notified?”

It’s unknown whether data has been stolen from Experian and AnnualCreditReport.com, but Beaumont’s question is relevant: If the data was there for the taking as it was with Equifax, was it also accessed and stolen?

The news that other credit reporting agencies were exposed to hacking comes on the same day the whole Equifax hacking story keeps on giving: A server used by the company’s Argentinian operation is so badly secured that anyone could obtain access using a default server username and password.

First reported by Brian Krebs, the problem is a server that was found to allow full access to its back end using the username/password combination of “admin/admin.” The data accessible included employee records and up to 14,000 records pertaining to customers who have had dealings with Equifax in the country.

It’s not clear whether any of the data from Equifax Argentina has been stolen. But at the time of its initial hack disclosure, Equifax did say that data had been stolen from customers outside the U.S., including Canada and the U.K., so it’s quite possible Argentina could soon be on that list as well.
