Equifax has identified the flaw in its website hackers used to breach its systems, potentially impacting 143 million Americans.
In a consumer update Wednesday night, the credit reporting firm pointed to a known security issue in the web applications software Apache Struts as the one used in the breach.
The flaw in Struts that was used by the hackers had actually been patched by the time hackers used it against Equifax — the patch was released mid-March while the breach was in May. But the patch had to be individually applied for all the web applications using Struts on the server, a process that takes time and effort.
Leave a reply