
Equifax had 'admin' as login and password in Argentina - phr4ts
http://www.bbc.com/news/technology-41257576
======
teraflop
Discussion from yesterday:
[https://news.ycombinator.com/item?id=15233399](https://news.ycombinator.com/item?id=15233399)

------
amrrs
And funny enough these guys boast so much internal and external audit with
bunch of iso standards and certifications!

------
purplezooey
One thing that struck me about Equifax, and a lot of other companies, is the
complete patsy types that get hired into executive CIO positions. It seems to
me that the CIO should be a highly technical, tactical, hands-on type of
person that knows the ins and outs of every system in use. But companies focus
too much on hiring "executive level" people that just look good externally.
They might communicate well but their technical knowledge is so far gone that
they are simply a face. BTW, it has nothing to do with age as I've seen 65+
CIOs with extremely sharp technical skills. Companies need to do a better job
of grooming their own highly competent staff to be good executors, not just
hiring somebody who "can lead a global team of IT professionals delivering the
technology strategy".

~~~
liberte82
> Companies need to do a better job of grooming their own highly competent
> staff to be good executors

Given that Equifax is unlikely to face any meaningful punishment over this ...
why? Until the laws change to deincentivize this type of behavior, market
forces have decided that a good face is the best choice for a company's profit
margins. Corporations will always game for maximum profits, so it's up to us
to set the parameters so that they work in a way that is healthy for society.

------
SubiculumCode
It seems that Equifax needs to be sued out of existence...no settling.

This would send a message that companies need to protect sensitive data or
face severe consequences.

------
tombert
This is amazing; a couple years ago, I was denied a job at Equifax due to
"inexperience".

Maybe I was inexperienced, but I kind of learned that you don't stick with the
default passwords for everything pretty early on.

------
shmerl
[https://www.youtube.com/watch?v=JSZTPuJ14Ro](https://www.youtube.com/watch?v=JSZTPuJ14Ro)

------
cgb223
Glad to know my home router defaults have better security than the company
responsible for half the country's SSNs...

------
CamelCaseName
"Its researchers explored the portal and within found a list of more 100
Argentina-based employees, the blogger disclosed.

Using this list they were able to uncover the workers' company usernames and
passwords, which turned out to be matching words in each instance."

Unreal. So it wasn't just one admin, it was everyone.

