During the year of 2017 there weremany forms of data breaches and cyber crimes, for example the ransomware Wannacrythat encrypted personal files and only decrypted them until victims paid theransom or even the Wikileaks CIA Vault 7Dump where the notorious hacking group released private spy tools used bythe CIA that included ‘zero-day’ an exploit,malware, Trojans, and Viruses.
But today I won’t be talking about those attacksI will talk about the Equifax data breachthat leaked 143 million peoples private information.So, what exactly happened? On July29th 145.5 million customers of the Equifax credit report company had theirNames, Social security numbers, Drivers license was stolen while 209,000 of them had their card numbers leaked. Inessence, the whole Equifax database was leaked.You might ask how did the thishappen, “How can one of the top 3 credit card agencies that deal with everyoneprivate information get hacked?” First, we have to look at how Equifax handlestheir data, Equifax uses a framework called “Apache Struts” this frameworkallows companies to make programs to manage large amounts of data.
In March The Apache Software Foundation made anannouncement that there was a vulnerability in the software code”CVE-2017-5638″ They also released a fix for the venerability at the same timeit was announced. This means the company had almost two months to fix theproblem. The venerability allowed the hackers to use forms that were on theEquifax website and send their own code to the servers crashing the built-insecurity checks and executing the code remotely. This type of hack is calledremote code execution. To prevent this from happening toyou, use your bank’s own credit report program instead of a third partycompany, and if you were one of the people who got their information leakedthere was nothing you could have done other than not choosing Equifax but usingyour bank, other than this there is nothing you could have done to stop thisfrom happening to you.