Equifax Execs' 'Alarmingly Simple' Passwords for Sale on Dark Web

Comodo's Global Threat Analysis Report found endpoint data for hundreds of Equifax users and employees for sale on the Dark Web, and says login credentials failed to comply with the most lax of security best practices.

Kris Blackmon, Head of Channel Communities

September 16, 2017

3 Min Read

When Bill Burr wrote his password recommendations for the National Institute of Standards and Technology (NIST) more than a dozen years ago, it included advice such as utilizing special characters, random capitalization and frequent changes. Carlos Solari was working in the White House managing information technology and security at the time. Immediately, Solari wasted no time in pushing the government adopted the recommended password requirements.

Burr came out this past August to walk back some of those recommendations in favor of longer, more user-friendly passwords. Solari, now VP of cybersecurity services at Comodo, was already two steps ahead and wise to NIST’s updated recommendations, released in June.

Too bad the executives at Equifax weren’t.

In a blog post released today, Comodo says that more than 388 records of Equifax user and employee endpoint data is available for sale on the Dark Web, including usernames, titles, passwords and login URLs, plus the dates on which they were obtained.

Here’s the kicker. Comodo found that many of the compromised employee accounts, including some belonging to members of the highest levels of management, were “alarmingly simple.” The investigation found that Equifax’s chief privacy officer, CIO, vice president of PR and vice president of sales used all lowercase letters, no special symbols and easily guessable words like spouses’ names, city names and even combinations of initials and birth year.

In other words, these executives’ standards for password security fell short of that of my 10-year-old niece. While Comodo says Equifax has most likely changed all passwords since the exposure of the cyberattack, there’s “a very high probability” that the passwords for sale on the Dark Web were used with internal Equifax applications considering most people use the same password for multiple applications.

Clearly, Equifax failed to mandate and enforce even the most basic of security best practices, despite the slew of cyberattacks on enterprise systems in recent years that have resulted in compromised data for tens of millions of consumers. Which has just about everyone scratching their heads. Why is it taking so long for corporations to catch up to even the most basic level of security best practices?

“I thought maybe last year was the year that corporations would begin to take security measures more seriously,” Solari told The VAR Guy. Here’s to hoping that the events of 2017 will be what do the trick. “With the rise of ransomware in these huge breaches like Petya and WannaCry, combined with the Equifax breach, hopefully corporations will begin taking security more seriously.”

The new General Data Protection Regulation (GDPR) in Europe will also help, says Solari since the data protection measure will apply to the export of personal data outside the EU to countries like the U.S. “It’ll be like gravity,” he explains. Once Europe adopts it, everyone who does business in the region will be pulled in a more secure direction.

Solari says the credentials were stolen via zero-day exploits using pony malware, a Russian (shocker) password stealer kit that can execute through phishing attacks or web application vulnerabilities. The pony sneaks in, exfiltrates data on the credentials of more than 90 applications, grabs the passwords then deletes all traces of itself.

The investigation was done using Comodo’s free ‘Global Threat Analysis Report,’ which scours the Dark Web to see if enterprises’ sensitive data is being traded and gives recommendations on how to restore security.

As for partners who want to ensure their customers’ data isn’t being peddled on the Dark Web, VP of marketing David Liff says Comodo offers a host of free tools on its website, including remote monitoring and management, patch management, forensic analysis tools and service desk. They can even work with partner success specialists to help themselves or their customers walk through the Dark Web. Of course, Comodo hopes once MSPs see the value of these tools, they’ll choose to purchase the company’s security solutions, but regardless, the free resources are a good way for partners to get an idea of whether or not their customers’ data has been compromised.


Read more about:


About the Author(s)

Kris Blackmon

Head of Channel Communities, Zift Solutions

Kris Blackmon is head of channel communities at Zift Solutions. She previously worked as chief channel officer at JS Group, and as senior content director at Informa Tech and project director of the MSP 501er Community. Blackmon is chair of CompTIA's Channel Development Advisory Council and operates KB Consulting. You may follow her on LinkedIn and @zift on X.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like