An anonymous security researcher has shown Motherboard evidence that they warned Equifax in December 2016, six months before its catastrophic breach, disclosing numerous elementary deficiencies in Equifax security that left all of its data vulnerable to being stolen.
The researcher was able to download Equifax's files on "hundreds of thousands" of Americans and showed them to Equifax. The researcher was able to gain access to a public-facing employee portal by exploiting an easy-to-discover bug that was the result of an oversight on Equifax's part. It wasn't the only showstopper bug in Equifax's defenses: the researcher also warned Equifax about five servers on which they were able to seize shell access. Other servers were vulnerable to common tactics like SQL code-injection attacks, and across the board, servers were indifferently and unevenly patched.
Equifax never acted on these warnings.
Motherboard's Lorenzo Franceschi-Bicchierai spoke to several Equifax sources who described a culture of IT negligence and neglect, in which security audits and warnings were routinely disregarded, and where IT staff were unable to believe that their employers were so cavalier with the sensitive data the company had amassed.
On Monday night, the Republican-controlled Senate voted to rescind a consumer protection rule that guaranteed Americans the right to sue negligent and fraudulent financial institutions. As a result, it will likely be impossible to initiate a class action suit against Equifax.
"It's a strange company. Given the amount of data they have access to and the sensitivity of it, security isn't at the forefront of everybody's mind, not how it should be," another former Equifax cybersecurity employee told me. "It was always a bit of a struggle there to get anything done."
The anonymous researcher who could've downloaded all Americans' data knows this very well.
"I couldn't believe it, it was shocking," they told me. "It was just disgusting to see them take this long to do anything about it."
Equifax Was Warned