In 2017 there were many data breaches and cyber crimes. Examples include the WannaCry ransomware, which encrypted personal files and decrypted them only after victims paid the ransom, and the WikiLeaks CIA Vault 7 dump, in which the notorious hacking group released private spy tools used by the CIA, including a ‘zero-day’ exploit, malware, Trojans, and viruses. But today I won’t be talking about those attacks. I will talk about the Equifax data breach, which leaked the private information of 143 million people.

So, what exactly happened? On July 29th, 145.5 million customers of the Equifax credit report company had their names, Social Security numbers, and driver’s licenses stolen, while 209,000 of them had their card numbers leaked. In essence, the whole Equifax database was leaked.

You might ask how this happened: “How can one of the top 3 credit card agencies, which deals with everyone’s private information, get hacked?” First, we have to look at how Equifax handles its data. Equifax uses a framework called “Apache Struts”; this framework allows companies to make programs to manage large amounts of data. In March, the Apache Software Foundation announced that there was a vulnerability in the software code, “CVE-2017-5638”. They also released a fix for the vulnerability at the same time it was announced. This means the company had almost two months to fix the problem. The vulnerability allowed the hackers to use forms on the Equifax website to send their own code to the servers, crashing the built-in security checks and executing the code remotely. This type of hack is called remote code execution.

To prevent this from happening to you, use your bank’s own credit report program instead of a third-party company. If you were one of the people whose information was leaked, there was nothing you could have done to stop it, other than using your bank instead of choosing Equifax.