Equifax has already put 143 million U.S. consumers’ sensitive private data at risk, and now it has a whole new problem on its hands: an online employee portal in Argentina, which could be easily accessed using ‘admin’ as both the username and password, according to the BBC.
It’s a less-than-reassuring development for the credit report provider, and it was revealed this week by cybersecurity expert Brian Krebs.
The vulnerability Krebs identified was in a web portal that let the company’s employees in Argentina access credit report disputes for Argentinian consumers, he said.
“It was wide open, protected by perhaps the most easy-to-guess password combination ever: ‘admin/admin,’” Krebs wrote in a blog post detailing exactly how the vulnerability was discovered by Hold Security LLC, a U.S. cybersecurity firm that Krebs advises.
Forbes reports that about 14,000 records were accessible on the site over 715 different pages.
Equifax has already shut down the website in question, according to the BBC.
“We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week,” an Equifax spokeswoman told the BBC. “We immediately acted to remediate the situation, which affected a limited amount of information strictly related to Equifax employees.”