Notebookcheck

Equifax security breach blamed on known web vulnerability in Apache Struts

One week after announcing a major data breach affecting over 143 million consumers, Equifax is pointing blame at a security vulnerability in the Apache Struts web framework. However, the vulnerability was publicly announced in March and a patch was available months before the attack.

It’s been a hard week for Equifax, and it’s about to get worse. After announcing one of the largest and potentially most damaging data breaches in digital history last week, the credit reporting service is now pointing the finger at a web vulnerability in the Apache Struts framework used in their web servers. The big problem? The vulnerability was publicly announced back in March, two months before the hack occurred.

Apache Struts is a popular framework used by several large corporations to develop Java-based apps designed to run front- and back-end websites and servers. The exploited vulnerability in the framework is nothing new; when it was announced on March 6, hackers quickly took advantage of the security hole to access the web servers of other large corporations. However, a patch was quickly made available to Apache Struts users, who would need to download the patched version and rebuild their web servers accordingly.

As Experian is a massive corporation that produces billions of dollars in revenue, it’s very unlikely that the credit service lacked the capital or capacity to install the patch. Experian discovered the hack on July 29th and disclosed that their servers were accessed as far back as May, which gave Experian two months to fix the security hole.

The Experian hack is one of the most damning to date. Hackers gained access to several pieces of identifying information of over 143 million U.S. consumers. This includes Social Security numbers, first and last names, home addresses, and even driver’s license numbers. This information could be used for fraud, particularly financial fraud; most banks and credit card companies require nothing more than a Social Security number and driver’s license to open an account. Experian has offered free credit monitoring services and credit freezes to affected individuals.

Sam Medley, 2017-09-14 (Update: 2017-09-14)