The massive market transformation this month that some on Wall Street called a "once in a decade opportunity" might have just been a one-off technical move because of taxes.Marketsread more
The Pentagon will deploy U.S. forces to the Middle East on the heels of the attack on Saudi Arabian oil facilities, United States Secretary of Defense Mark Esper announced...Defenseread more
CNBC did a deep dive through the most recent Wall Street research to find stocks that analysts say are underappreciated.Marketsread more
Shares of MasterCard are up 46% this year, and 1120% since 2011, getting a boost from the strong U.S. consumer.Investingread more
CNBC sat in on an "empathy training" at Amazon PillPack's Somerville offices, which is part of new hire orientation.Technologyread more
Trade with China is the 'big unknown' for the Federal Reserve as it decides how best to support the U.S. economy, says Council on Foreign Relations Director of International...Futures Nowread more
Lobbying experts said the visit is likely an attempt to be in lawmakers' ears as they consider legislation that would impact Facebook.Technologyread more
Yardeni Research's Edward Yardeni believes the U.S. economy is picking up steam.Trading Nationread more
Iran's audacious drone and cruise missile attack on Saudi Arabia's oil producing facilities has provided a critical test yet for the Trump administration's foreign policy. A...Politicsread more
Chinese trade negotiators suddenly canceled a visit to meet U.S. farmers after they wrapped up trade talks in Washington this week.Marketsread more
Scores of accounts on Equifax's website in Argentina allegedly were protected by the same generic username and password: "admin."
Researchers at Hold Security, a Milwaukee-based cybersecurity firm, found that after some guesswork, they were able to uncover personal employee information housed on Equifax's South American site, including names, emails, and Social Security equivalents of over 100 individuals.
The researchers easily acquired administrative access and quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers, known as Documento Nacional de Identidad (National Identity Document).
"You don't expect anything like that," said Alex Holden, Hold Security's chief information security officer. "An ability to lookup cases for individuals based on a single numeric ID and gender drew our attention."
The research came as Equifax sank deeper into a controversy over its handling of a data breach that could affect 143 million people.
The credit reporting company is now facing multiple investigations. In a rare public acknowledgement, the Federal Trade Commission announced Thursday that it has opened a probe into Equifax's breach in the United States.
What Hold Security found is not related to the breach in the U.S., which Equifax disclosed last week. But Equifax promptly shut down the website after the research was made public by a security blogger named Brian Krebs.
In a statement to CNBC on Thursday, Equifax said:
"We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week. We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions."
"What I can tell you is that we fixed the vulnerability immediately upon learning of it, and that this internal portal has not been in use since 2013. The Argentine consumer dispute information that was mentioned in the Krebs article is all publicly available, searchable and not confidential. Additionally, our consumer credit and commercial databases were not accessed or affected."
Since it announced the U.S. data breach last Thursday, Equifax shares have fallen more than 30 percent through Wednesday's close. But that's just the beginning of Equifax's woes.
The FTC's spokesman, Peter Kaplan, said Thursday, "In light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach."
In addition, Massachusetts announced plans Wednesday to file a lawsuit, which will maintain that the company failed to adopt appropriate safeguards to protect the sensitive data. New York, Illinois, Pennsylvania and Connecticut and other states are also investigating, while nearly two dozen class-action lawsuits have already been filed.
Massachusetts Attorney General Maura Healey said Tuesday the Equifax breach "may be the most brazen failure to protect consumer data" her office has seen. Eric Schneiderman, New York's attorney general, warned people to be vigilant about hacking, email and other online attacks.
The disclosure of the U.S. data breach prompted Holden to take a look at Equifax's web security outside the U.S., he said. After first exploring the Argentine website, which initially required a national identification number, the researchers arrived at a different login interface after shortening the site's URL.
"We put in admin, admin [as credentials] and to our surprise we were in," he continued.
"We obviously did not state that there was a breach. We highlighted a horrendous security practice which, perhaps, was indicative of the overall data care that led to the breach in the US. But in my professional opinion, if any hacker would look at this part of the website, it would be breached," Holden told CNBC.
After making the initial discovery, Holden turned to security researcher Brian Krebs to assess his findings.
"Worse still," Krebs said, "each employee's username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee's last name, you also could work out their password for this credit dispute portal quite easily."
Krebs is a widely followed blogger on security issues. "I don't have much advice for Argentinians whose data may have been exposed by sloppy security at Equifax," he said in a blog post on Tuesday. "But I have urged my fellow Americans to assume their SSN and other personal data was compromised."
Homeland Security Advisor Tom Bossert and Palo Alto Networks CEO Mark McLaughlin headline the Cambridge Cyber Summit on Oct.4 in Boston. Click here for more information and tickets.