The hackers who broke into Equifax exploited a nine-year-old security flaw

The hackers who broke into Equifax exploited a nine-year-old security flaw

7 years ago
Anonymous $wKBR2uNMvM

https://qz.com/1073221/the-hackers-who-broke-into-equifax-exploited-a-nine-year-old-security-flaw/

The credit reporting agency Equifax announced on Sept. 7 that hackers stole records containing personal information on up to 143 million American consumers. The hackers behind the attack, the company said, “exploited a U.S. website application vulnerability to gain access to certain files.”

That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. The vulnerability in Struts was just recently discovered by security researchers, who announced it earlier this week on Sept. 4. According to the researchers, the bug has existed since 2008.