Uncertain Extent of Non-Database Credentials in Equifax Credential File

Ascertain the number of non-database credentials included in the plaintext credential file discovered on an Equifax web server during the breach, beyond the 48 database credentials reported publicly.

Background

To replicate the Equifax breach, the authors model a plaintext credential file on a web server that contained credentials for 48 databases, as reported publicly. In aiming for realism, they note that public reports leave it unclear whether the file also contained additional non-database credentials.

Due to this uncertainty, the authors assume in their emulation that the file contained only database credentials. The sentence quoted under References explicitly acknowledges that the exact credential content in the real incident is unresolved.

References

"From public information, it is unclear how many additional non-database credentials were in the file, but we assume that the credential file only contained database credentials."

On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks (2501.16466 - Singer et al., 27 Jan 2025) in Appendix A, Environments: Equifax-inspired environment (footnote)