Sunday, September 10, 2017

Struts Framework Problem led to Equifax Data Breach

Hackers gained access to millions of credit report holders' information via a known Java Struts vulnerability.

The credit reporting agency Equifax announced on Sept. 7 that hackers stole records containing personal information on up to 143 million American consumers. The hackers behind the attack, the company said, “exploited a U.S. website application vulnerability to gain access to certain files.” That vulnerability, according to a report on the data breach by William Baird & Co., was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017.

The breach details can be found here...


No comments:

Post a Comment