gizmodo.com - 10 days ago
Oh Man, You're Gonna Hate What Equifax Just Admitted About That Security Breach
Equifax, the major credit reporting agency which collected extensive financial data on hundreds of millions of Americans before losing said data on 143 million of those people to hackers, has finally explained what went wrong.
You are so not going to like it. In a post on a website designed to spread information on how the company is handling the hack, Equifax said it had tracked down the vulnerability:

“Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.”

As Ars Technica noted, Apache Struts is a “framework for developing Java-based apps that run both front-end and back-end Web servers” which is extremely popular with financial institutions.

The bug in question was fixed with a patch on March 6.