Months-old software bug was responsible for the devastating Equifax breach

September 14th, 2017 at 2:16 PM

The Equifax data breach, in which the personal information of over 143 million Americans was exposed, has already cost the company dearly. It has lost nearly a third of its stock price and is currently facing what will be the largest class action lawsuit, and the announcement of the breach left more questions than answers. Now, Equifax is revealing what it believes led to the leak, and it’s blaming its woes on a vulnerability in web server software that hadn’t been patched months after a fix was released.

Equifax released an update on its investigation, detailing the issue:

Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.

The most embarrassing thing about all of this is that the vulnerability was a flaw that had been fixed months before the breach took place. As Ars Technica reports, a patch for the Apache Struts framework flaw had been issued on March 6th, 2017, and the exploit was widely known, so updating should have been a top priority. Despite that, hackers found Equifax’s servers still exploitable in mid-May, and made off with the personal information of nearly half the country.

Before this discovery was made public, some had thought there may have been an unknown vulnerability in the Apache Struts software which led to the leak. As it turns out, an incredibly lax software security update policy was the real culprit, and Equifax has nobody to blame but itself.

It’s an incredibly shameful turn of events, and the fact that the company was essentially ignoring vital software patches will no doubt play a big role in how the class action case pans out. To put it simply, you wouldn’t want to be in Equifax’s shoes right about now.

Mike Wehner has reported on technology and video games for the past decade, covering breaking news and trends in VR, wearables, smartphones, and future tech.

Most recently, Mike served as Tech Editor at The Daily Dot, and has been featured in USA Today and countless other web and print outlets. His love of reporting is second only to his gaming addiction.
