Equifax’s Mega-Breach Was Made Possible by a Website Flaw It Could Have Fixed

Credit: fortune.com

Good website security is tough, but the consequences of bad website security can be far tougher. That appears to be one of the big lessons coming out of the debacle surrounding Equifax’s mega-breach, which has “humbled” the credit-reporting giant.

On Wednesday, Equifax gave an update on its investigations of the breach, explaining that it had identified the culprit: a vulnerability in part of its U.S. website, specifically a flaw in the open-source Apache Struts framework it used to build its web applications.

This particular vulnerability, which carries the identifier “CVE-2017-5638,” was fixed back in early March, with patches becoming available then to everyone who uses Struts. Equifax said the breach occurred in the middle of May.

That means Equifax’s IT department had the means to fix the problem for a couple of months, but did not. The rest is history.

To be fair, as Ars Technica has pointed out, this was not an easy flaw to fix. It meant rebuilding all the web apps that people had already built using Struts, except this time using the updated version.

So at this point, it remains possible that Equifax’s development team might have been in the process of doing this when the breach hit.

But even if that were the case, they would have been too slow. It only took a few days after the bug was made public on March 6 for hackers to start attacking websites that relied on the framework. More than two months later, they scored their biggest hit.

Now, with more than 143 million people having lost their personal details, Equifax is facing questions from legislators and the public. So far, the answers aren’t proving comfortable.
