Security Breach Due to Equifax Using “admin” as Username, Password

148 million Americans' personal info breached by hackers

By Jonny Lupsha, Wondrium Staff Writer

Equifax’s most secure computers had the word “admin” as both username and password, a class action lawsuit alleges. The unfortunate use of overly simple login credentials led to a data breach, resulting in hackers learning the private information of 148 million customers. Protecting yourself online doesn’t take a degree.

Close up of hands on keyboard
Safeguarding private information online is paramount through the use of strong computer passwords. Photo by Sata Production / Shutterstock

The class action lawsuit against Equifax shows an egregious lack of cybersecurity on every possible level. “According to the Amended Complaint, Equifax admitted that sensitive personal information relating to hundreds of millions of Americans was not encrypted, but instead was stored in plaintext, making it easy for unauthorized users to read and misuse,” the document reads. “Not only was this information unencrypted, but it was also accessible through a public-facing, widely used website.” The most jarring revelation is the use of the word “admin” as both a username and password to “protect a portal used to manage credit disputes.” While most people would know to create stronger usernames and passwords for their online lives, there are other tips to keep yourself safe on the internet.

Think before You Click

The internet is full of frauds, phonies, and hackers. At the same time, with the increasing trend of online business interfacing—from paying bills to ordering groceries online—it’s becoming harder and harder to live a computer-free life. The only realistic option for most people is to practice basic internet common sense.

“In the aftermath of a natural disaster, like, say, the 2010 earthquake in Haiti or Hurricane Sandy in 2012, lots of good people set up websites in order to collect money and goods through cyberspace,” said Professor Paul Rosenzweig, Professorial Lecturer in Law at The George Washington University Law School. “Malicious actors are attracted to money like moths to flame; a significant fraction of those sites were frauds. If you’re going to give money to people in need—and you should, because they need your help—go only to sites you know and have chosen yourself, like the American Red Cross.”

Professor Rosenzweig added that you should never click on a link from a random email that comes to your inbox. Impostors claiming to be major websites often come up with convincing emails to trick you into “logging into your account” on a very official-looking website. This scam is called “phishing.” Even clicking the link can hack your account.

“Think before you click,” Professor Rosenzweig said. “That’s not just a slogan; it’s good practice.”

The Password Is “Password”

Choosing the proper password to log into a website or your wi-fi can be difficult. If it’s easy to remember, it’s easy to crack. If it’s tough to crack, it’s tough to remember. However, making a tricky password is worth the trouble.

“Your password’s primary function isn’t to protect you from some petty thief with a low IQ,” Professor Rosenzweig said. “Nowadays, cunningly-designed computer programs are trolling the web for vulnerable accounts. Most password-cracking programs have a huge dictionary of the top 500,000 passwords or so, and they just check those first.”

Professor Rosenzweig added that the most common password on the internet is the word “password.” In second place is the number sequence “123456.” It’s a burden worth taking on to have yourself remember an odd assortment of letters and numbers and protect yourself from hackers.

Equifax is learning that lesson the hard way.

Paul Rosenzweig, J.D., contributed to this article. Mr. Rosenzweig is a Professorial Lecturer in Law at The George Washington University Law School

Paul Rosenzweig, J.D., contributed to this article. Professor Rosenzweig is a Professorial Lecturer in Law at The George Washington University Law School. He earned his J.D. from the University of Chicago Law School and then served as a law clerk to the Honorable R. Lanier Anderson III of the United States Court of Appeals for the Eleventh Circuit.