A class action lawsuit filed against Equifax over its failures to protect sensitive user data, which led to the massive 2017 data breach, shows that the login credentials for one of the company’s portals containing confidential data consisted of ‘admin’ for both the username and password. The lawsuit, which was filed in federal court in the Northern District of Georgia, points out that using extremely weak credentials such as these “is a surefire way to get hacked.”
In addition, Equifax used unencrypted, public-facing servers to store the sensitive personal information. Moreover, for data that was encrypted by the company, Equifax “left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data.”
Read more: Equifax used ‘admin’ as username and password for sensitive data: lawsuit