Lawsuit claims Equifax used default ‘admin’ password during massive hack

It's been more than two years since Equifax disclosed a data breach that exposed the details of nearly 150 million Americans, and it still ranks as one of the worst security screw-ups of all time. Adding insult to injury, new details have come to light that underscore just how careless Equifax might have been at the time.

A class action lawsuit (PDF) filed in the United States District Court for the Northern District of Georgia, Atlanta Division, alleges Equifax used the default username "admin" to protect a portal used to manage credit disputes. Same goes for the password—at the time of the breach, it too was still the default "admin," according to the lawsuit.

"This portal contained a vast trove of personal information. According to cybersecurity experts, these shortcomings demonstrated 'poor security policy and a lack of due diligence'. Equifax’s authentication practices fell short of the data security standards, which recommend the use of multi-factor authentication," the lawsuit states.

The class-action lawsuit says using the default password "is a surefire way to get hacked." It's certainly boneheaded, if in fact Equifax never bothered to change either the username or password, as the lawsuit alleges.

Other claims of security lapses are made in the lawsuit as well, each representative of a company that "allegedly failed to take some of the most basic precautions to protect its computer systems from hackers."

For example, in addition to the use of "weak passwords and security questions," the lawsuit claims "Equifax relied upon four-digit PINs derived from Social Security numbers and birthdays to guard personal information, despite the fact that these passwords had already been compromised in previous breaches."

According to the lawsuit, a breach of this size "would not have occurred if Equifax had implemented better monitoring systems."

Equifax is one of three major US credit monitoring bureaus. When first disclosing the breach, Equifax said it impacted around 143 million Americans. A year later, however, Equifax said it discovered at least 2.4 million more names that may have been affected as well.

Hopefully this does not become an annual trend, where each year the news gets worse. That may have to wait for 2020, though, if the claims in the lawsuit are accurate.

Paul Lilly
