As Equifax — and American consumers — still grapple with the fallout from the company’s recent massive data breach, one security researcher claims they told Equifax about the vulnerability last year, months before the breach occurred.
The security researcher — who requested anonymity — told Motherboard it only took hours to find an Equifax website that had “completely exposed” personal data such as social security numbers, full names, birthdates, and residential addresses. The site was vulnerable to a basic “forced browsing” bug.
The researcher claims they could have downloaded the data of “all of Equifax’s customers in 10 minutes.” These issues were discovered last December, and were immediately reported to the company, the researcher said. The site was not taken down until June.
The anonymous researcher claims there were multiple ways to access Equifax’s networks, and is convinced more than one group of hackers got into the data.
“If it took me three hours to find that website, I definitely think I’m not the only one who found it,” the researcher told Motherboard. “It wasn’t just one breach. It was maybe dozens.”
The report also includes interviews with former employees who were convinced Equifax wasn’t doing enough to prepare for such an event. To these workers, Cybersecurity did not appear to be a serious concern to the company.
First disclosed in September, details are still leaking out about the Equifax hack. The credit reporting firm re-upped its initial estimates of affected consumers weeks after the initial disclosure — it’s now believed more than 145 million Americans may have potentially been affected by the data breach.
Further reports noted that customers in the United Kingdom and Canada were also affected by the incident, and it’s believed that more than 10 million U.S. drivers had their license information compromised in the breach.
Equifax isn’t the only company to suffer a huge data breach in recent years. To learn more, check out our article Not Just Equifax: Six Of The Biggest Data Breaches In The Modern Tech Era.