As the dust settles on arguably the largest identity hack in history, people have been trying to figure out exactly what went wrong. It was known that the hack used a known vulnerability in the Apache Struts framework, found in March of this year. An analysis by Ars Technica hints at a failure by Equifax to apply the patches and block the Jakarta file upload multipart parser issues when they were found.
Blaming OSS for your mistakes is only valid if you keep it up to date. Equifax’s mistake is a lesson for us all.