This is sad and hilarious at the same time. According to reports, Equifax used “admin” as the username and password for a employee web portal in Argentina. I mean, at least they didn’t use “1234”?
The worst part of this is that this was NOT related to the big data breach they had in the U.S. This is just something that was found when they started examining Equifax digital security.
Per the article:
According to cybersecurity expert Brian Krebs — perhaps best known for his role in revealing the 2013 Target data breach that resulted in the theft of around 40 million credit card numbers — the Argentinian site was secured so poorly that anyone could theoretically impersonate an employee by simply reading their username and password off the site, or even add themselves as a new “employee” to the database.
I know this may not seem interesting or is something to worry about, but you absolutely should be worried. Experts and others are recommending that anyone with a credit history assume they were affected by the hack.
In a world where every app and website wants your information, it is easy to get complacent. But it can have far reaching implications for your credit, privacy, and create more opportunities for someone to get a hold of your online data.
Examples: Marketing groups can collect your data from companies that share/sell it (which is usually mentioned in the user agreement that we all ignore), particularly if that company is a client of theirs and uses their data warehousing or marketing systems. The company may switch marketing groups. What happens to the data that was collected in the previous agreement? It should be deleted, but as with Equifax, it’s dangerous to assume companies keep your data secure.
You want me to trust you with my social security number? Really?
I work in email marketing. I KNOW how much information is collected and how it is used, legally and in line with user agreements. And many of the companies have great data migration and retention policies. But mistakes happen, and the more companies that have this data, the more at risk you are. Even though it is beneficial from a marketing perspective, it is EXTREMELY disconcerting see how much marketing and data companies know about me just from looking at what sites I’ve visited, what I’ve bought, what emails I’ve clicked on, etc. Does receiving more targeted marketing for what you want, like ads and emails, outweigh the risks of more companies having access to your information and online activity? That is a question you have to answer for yourself.
Some basic tips on protecting yourself:
Not, not like that. Protecting your information online.
- Use complex passwords and change them frequently.
- If you can’t keep up with all your passwords, use a password manager like Dashlane. But be aware that even those are risky if someone gets access to your computer and manages to hack your master password.
- Be vigilant about what information you save on websites and apps, keep your personal information and devices secure offline and online, and if they are asking for sensitive information like a SS number, find out why they need it.
- Read through those user agreements. Know if the company/website is sharing your data, who they are sharing it with, and how it is secured.
- Know what to do if you suspect your data or identity was stolen.
- Before you type your card details into a website, ensure that the site is secure. Look for a small padlock symbol in the address bar (or elsewhere in your browser window) and a web address beginning with https:// (the s stands for ‘secure‘). You also need to check that the website is trustworthy.
- If you are using a wireless router at home, please lock it down with a difficult password so that only your household is using it. Do not enter in sensitive information on a public Wi-Fi hotspot…they are unsecured.