It was a message of PR relief for the Equifax skinsuits who spend their life cycles benefiting from tracking and trading our personal and financial information (which we are powerless to stop), especially now that we're seeing reports of four Chinese hackers "defeating Equifax".
That sure sounds a lot better (for them) than the fact that Equifax's security deficiencies had been so bad for so long that a breach was inevitable. A month after Equifax admitted the breach, the press and experts noticed the multitude of problems that were likely to result in "more than one group of hackers breaking into the company".
Yes, something makes me think that China's hackers are more the "hoarder" than the "sing Kumbaya" type
And that's the thing: None of us have registered for Equifax. But here we are.
Stop me if you've heard this before.
The stolen files were referred to as "records". In early 2018, however, Equifax was forced to admit what "records" meant: our names, home addresses, dates of birth, social security numbers, credit records, driver's licenses, passports and everything.
By March 2018, it was revealed that the company had found a few more breach victims in its sofa cushions. "In September last year, Equifax announced that 145 million US customers may have had their information stolen," the BBC said carelessly. "The investigation into the violation has revealed that the details of another 2.4 million Americans have gone astray."
The company had been warned by a security researcher to fix its vulnerabilities months before the alleged first attack. This researcher shared his findings with the press, showing that a public web portal allowed anyone "without any authentication" to access each American's personal information, including social security numbers, full names, dates of birth, and city and country of residence. What's more:
While investigating Equifax servers and sites, the researcher said they could take control of multiple Equifax servers, or get shell access, as hackers refer to it, and found several others vulnerable to simple errors like SQL injection, a common, basic way to attack websites. Outdated software was running on many servers … Equifax had made thousands of servers available on the Internet …
The researcher reported all of this to the company. "If it took me three hours to find this website, I definitely think I'm not the only one who found it," they said to Motherboard. "It wasn't just a violation. Maybe there were dozens."
Six months after this first researcher informed the company about the vulnerability, Equifax patched it, but only after the massive breach had, according to Equifax's own timeline, already occurred.
When Equifax was called on the carpet at a congressional hearing over its data protection and consumer identity apocalypse, EquJ reported that Equifax's temporary executive told Congress that he wasn't sure whether the company was encrypting consumer data. Equifax actually stored unencrypted user data on a publicly accessible server and "didn't encrypt its mobile applications either – and when it encrypted data, it left the encryption keys on the same publicly accessible servers."
Finally, a large class action complaint revealed that this was not all: we found out that Equifax internally used 'admin' as both username and password.
But okay. They want us to blame China.