U.S. stock futures were poised for a second day of gains, following the official announcement of a debt and spending deal by the White House and congressional leaders.Morning Briefread more
Coca-Cola topped Wall Street's expectations for earnings and revenue.Food & Beverageread more
Boris Johnson, one of the biggest voices in the Brexit movement, won the Conservative Party leadership race on Tuesday.Europe Politicsread more
U.S. stock index futures were higher Tuesday morning after results from major companies topped expectations.US Marketsread more
Iran is pushing boundaries amid rising tensions in the Gulf, but President Trump has so far not been "compelled" to retaliate militarily, analysts say.World Politicsread more
The Trump administration on Tuesday will propose a rule to tighten food stamp restrictions that would cut about 3.1 million people from the program, U.S. Department of...Politicsread more
Two traders say Boeing's on the path to recovery.Trading Nationread more
Boris Johnson is to be the U.K.'s next prime minister but the charismatic and controversial figure will already divides the party and British public alike.Europe Politicsread more
The deal could be announced as soon as next week, according to the report.Technologyread more
The deal between the White House and Democrats was earlier expected to raise the debt ceiling for two years and permanently end the sequester.Politicsread more
Mallinckrodt Pharmaceuticals plans to separate its business into two: one with its brand-name medicines; the other with its specialty generic drugs — including ooxycodone and...Biotech and Pharmaceuticalsread more
Scores of accounts on Equifax's website in Argentina allegedly were protected by the same generic username and password: "admin."
Researchers at Hold Security, a Milwaukee-based cybersecurity firm, found that after some guesswork, they were able to uncover personal employee information housed on Equifax's South American site, including names, emails, and Social Security equivalents of over 100 individuals.
The researchers easily acquired administrative access and quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers, known as Documento Nacional de Identidad (National Identity Document).
"You don't expect anything like that," said Alex Holden, Hold Security's chief information security officer. "An ability to lookup cases for individuals based on a single numeric ID and gender drew our attention."
The research came as Equifax sank deeper into a controversy over its handling of a data breach that could affect 143 million people.
The credit reporting company is now facing multiple investigations. In a rare public acknowledgement, the Federal Trade Commission announced Thursday that it has opened a probe into Equifax's breach in the United States.
What Hold Security found is not related to the breach in the U.S., which Equifax disclosed last week. But Equifax promptly shut down the website after the research was made public by a security blogger named Brian Krebs.
In a statement to CNBC on Thursday, Equifax said:
"We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week. We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions."
"What I can tell you is that we fixed the vulnerability immediately upon learning of it, and that this internal portal has not been in use since 2013. The Argentine consumer dispute information that was mentioned in the Krebs article is all publicly available, searchable and not confidential. Additionally, our consumer credit and commercial databases were not accessed or affected."
Since it announced the U.S. data breach last Thursday, Equifax shares have fallen more than 30 percent through Wednesday's close. But that's just the beginning of Equifax's woes.
The FTC's spokesman, Peter Kaplan, said Thursday, "In light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach."
In addition, Massachusetts announced plans Wednesday to file a lawsuit, which will maintain that the company failed to adopt appropriate safeguards to protect the sensitive data. New York, Illinois, Pennsylvania and Connecticut and other states are also investigating, while nearly two dozen class-action lawsuits have already been filed.
Massachusetts Attorney General Maura Healey said Tuesday the Equifax breach "may be the most brazen failure to protect consumer data" her office has seen. Eric Schneiderman, New York's attorney general, warned people to be vigilant about hacking, email and other online attacks.
The disclosure of the U.S. data breach prompted Holden to take a look at Equifax's web security outside the U.S., he said. After first exploring the Argentine website, which initially required a national identification number, the researchers arrived at a different login interface after shortening the site's URL.
"We put in admin, admin [as credentials] and to our surprise we were in," he continued.
"We obviously did not state that there was a breach. We highlighted a horrendous security practice which, perhaps, was indicative of the overall data care that led to the breach in the US. But in my professional opinion, if any hacker would look at this part of the website, it would be breached," Holden told CNBC.
After making the initial discovery, Holden turned to security researcher Brian Krebs to assess his findings.
"Worse still," Krebs said, "each employee's username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee's last name, you also could work out their password for this credit dispute portal quite easily."
Krebs is a widely followed blogger on security issues. "I don't have much advice for Argentinians whose data may have been exposed by sloppy security at Equifax," he said in a blog post on Tuesday. "But I have urged my fellow Americans to assume their SSN and other personal data was compromised."
Homeland Security Advisor Tom Bossert and Palo Alto Networks CEO Mark McLaughlin headline the Cambridge Cyber Summit on Oct.4 in Boston. Click here for more information and tickets.