I’m sad and angry at the fact that the people at EQUIFAX continue to show how unreliable they are. But, this time it’s not about the things they are doing now, more like the things they’ve done in the past. Shockingly enough, the people at EQUIFAX were warned about their Cybersecurity hack. In true EQUIFAX fashion, they decided to just brush off the claims, why does that sound familiar?
According to Motherboard, a security researcher warned Equifax that it was vulnerable to the kind of attack that later compromised the personal data of more than 145 million Americans. Don’t worry though! EQUIFAX patched the problem… Six months after the cybersecurity incident already happened.
In other words, this just adds to the already big pile of reasons why EQUIFAX’s security wasn’t reliable. And one of the reasons why millions of people are pretty upset about the company. I hate to be the reminder of the bad news, but back then cybersecurity was handled by a Music Major.
The way the researcher found the vulnerability was by doing a scan of the servers and websites owned by EQUIFAX. Just a few hours later, the researcher had access to the data of millions upon millions of American citizens.
“I didn’t have to do anything fancy,” the researcher told Motherboard, explaining that the site was vulnerable to a basic “forced browsing” bug. “All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app,” they said. The researcher soon showed EQUIFAX the vulnerabilities within its systems.
And what needed to be done? The idiots who handled the company couldn’t even be bothered to do a simple process. “It should’ve been fixed the moment it was found. It would have taken them five minutes, they could’ve just taken the site down,” they told Motherboard. “In this case it was just ‘please take this site down, make it not public.’ That’s all they needed to do.”