Ten Minutes For Hackers To Get All Equifax Records on Americans?
According to a Motherboard article on VICE by Lorenzo Franceschi-Bicchierai published on Thursday, a security researcher had warned Equifax that it was vulnerable to the kind of attack that later compromised the personal data of more than 143 million Americans.
“I didn’t have to do anything fancy,” the researcher told Motherboard. “All you had to do was put in a search term and get millions of results, just instantly —- in cleartext…”
How easy was it? The researcher said the data of all of Equifax’s customers could have been downloaded in 10 minutes — social security numbers, full names, birthdates, and city and state of residence.
After discovering various security issues in December, the researcher immediately reported them to the company.
“It should’ve been fixed the moment it was found. It would have taken them five minutes, they could’ve just taken the site down.”
According to the researcher, Equifax didn’t take the site down until June. The company informed the public about the data breach in September.