Hacker News
[dupe] Equifax had 'admin' as login and password in Argentina (bbc.com)
48 points by phr4ts 11 months ago | 9 comments

And funnily enough, these guys boast so many internal and external audits with a bunch of ISO standards and certifications!

One thing that struck me about Equifax, and a lot of other companies, is the complete patsy types that get hired into executive CIO positions. It seems to me that the CIO should be a highly technical, tactical, hands-on type of person that knows the ins and outs of every system in use. But companies focus too much on hiring "executive level" people that just look good externally. They might communicate well but their technical knowledge is so far gone that they are simply a face. BTW, it has nothing to do with age as I've seen 65+ CIOs with extremely sharp technical skills. Companies need to do a better job of grooming their own highly competent staff to be good executors, not just hiring somebody who "can lead a global team of IT professionals delivering the technology strategy".

> Companies need to do a better job of grooming their own highly competent staff to be good executors

Given that Equifax is unlikely to face any meaningful punishment over this ... why? Until the laws change to disincentivize this type of behavior, market forces have decided that a good face is the best choice for a company's profit margins. Corporations will always game for maximum profits, so it's up to us to set the parameters so that they work in a way that is healthy for society.

It seems that Equifax needs to be sued out of existence...no settling.

This would send a message that companies need to protect sensitive data or face severe consequences.

This is amazing; a couple years ago, I was denied a job at Equifax due to "inexperience".

Maybe I was inexperienced, but I kind of learned that you don't stick with the default passwords for everything pretty early on.

Glad to know my home router defaults have better security than the company responsible for half the country's SSNs...

"Its researchers explored the portal and within found a list of more than 100 Argentina-based employees, the blogger disclosed.

Using this list they were able to uncover the workers' company usernames and passwords, which turned out to be matching words in each instance."

Unreal. So it wasn't just one admin, it was everyone.
