Skip to main content
  1. Home
  2. News

Lawsuit alleges Equifax’s stupid password made it super-easy to steal your data

By

Remember that epic Equifax hack from 2017? As it turns out, the company made it pretty easy for hackers to get in. A recent filing in the United States District Court for the Northern District of Georgia, Atlanta Division points out a few of the company’s missteps that might have led to the breach.

The first of those issues comes in the form of the password the company users to protect a portal used to manage credit disputes. While you might think a major company holding personal information like people’s names, addresses, and social security numbers might use an exceptionally secure password in that instance, it actually went for something a different: It used “admin” as both the username and password for the portal.

Not exactly the most secure move.

Recommended Videos

If the shoddy password wasn’t enough, the company also stored unencrypted user information on a public-facing server. That meant that any attacker that compromised the website’s server would immediately have access to all the personal information stored on it, with no additional work required.

Please enable Javascript to view this content

The website also wasn’t the only thing it left unencrypted. The company also failed to encrypt its mobile applications, so not only was it keeping sensitive data unencrypted on its own server, it was transmitting that data unencrypted over the internet.

When it did finally encrypt that data, it “left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data.”

The court filing suggests that the inadequacies in Equifax’s encryption protocol fell short of industry standards and data security laws, going as far to say that the company “did not know what they were doing with respect to data security.”

The hack on Equifax in 2017 reportedly impacted approximately 147 million people, exposing their personal information and social security numbers.

As part of a settlement from the incident, Equifax is paying more than $300 million toward credit monitoring services for the impacted customers. It’s also compensating customers who paid out-of-pocket expenses as a result of the breach.

If you were impacted, you can apply to receive credit monitoring services or a $125 settlement via Equifax’s site now.

Editors’ Recommendations

Topics
Emily Price
Emily Price
Former Digital Trends Contributor
Emily is a freelance writer based in San Francisco. Her book "Productivity Hacks: 500+ Easy Ways to Accomplish More at…
Update Firefox now to keep your web browser secure, users warned
Firefox icons

In a Mozilla support document, the company urges users to update Firefox before Friday, March 14, 2025, due to an expiring root certificate, as first reported by Bleeping Computer. Failure to update to the latest browser version will result in disruption and security risks.

Mozilla explained what could happen if users don't update by saying, "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire. Without updating to Firefox version 128 or higher (or ESR 115.13+ for ESR users, including Windows 7/8/8.1 and macOS 10.12–10.14 users), this expiration may cause significant issues with add-ons, content signing and DRM-protected media playback.

Read more
Huawei teases an exciting device with a rollable, not foldable screen
The Huawei Pura 70 Ultra's logo on the back.

Just what is Huawei up to on March 20? In a teaser posted online, it seems the technology company is going to announce a device with a rollable screen, which expands from one size out into another. Such a device has been seen only as a concept before, but if Huawei is making a big deal out of it before the event, this may be the first time we’re seeing a commercial device which may be on sale soon.

Huawei The New Form - Break the 1610 Imagination | Huawei Pocket 3 Teaser

Read more
Microsoft’s Copilot can now control your phone from your PC
Microsoft Copilot Pro.

Microsoft Support announced an improvement to the Phone Connection app in a blog post. The update makes tasks like messaging, setting alarms, and locating places more manageable through the Copilot app. Microsoft set the update for general availability to all users by the end of February 2025. However, Phone Connection is not currently available in the web version of Copilot, as spotted by Windows Latest.

Microsoft aims to make everyday tasks more manageable by allowing you to access your contacts without picking up your phone. The app was formerly known as Phone Plugin and now has a refreshed visual design to make it nicer to look at. Microsoft says the feature "boosts your productivity by allowing you to perform common phone actions on your PC, such as sending messages, setting alarms and timers, locating places using the map on your device, and more, without needing to reach for your device."

Read more