Vulnerable software that helped cause Equifax breach still being used by major U.S. corporations

Vulnerable software that helped cause Equifax breach still being used by major U.S. corporations

Many Fortune 100 companies have downloaded the same vulnerable software that led to the Equifax breach.Image: Thomas Trutschel/Photothek via Getty Images By Matt Binder2019-01-29 16:14:45 UTC Someone at these companies, please update your software! Hundreds of major U.S. corporations are using the same flawed version of server software that led to the 2017 Equifax breach,…

Many Fortune 100 companies have downloaded the same vulnerable software that led to the Equifax breach.
Many Fortune 100 companies have downloaded the same vulnerable software that led to the Equifax breach.

Image: Thomas Trutschel/Photothek via Getty Images

2018%252f06%252f26%252fc2%252f20182f062f252f5a2fphoto.d9abc.b1c04.jpg%252f90x90By Matt Binder

Someone at these companies, please update your software!

Hundreds of major U.S. corporations are using the same flawed version of server software that led to the 2017 Equifax breach, according to open source software automation firm, Sonatype. 

In a report published by TechCrunch, Sonatype’s data shows that two-thirds of Fortune 100 companies downloaded unsecure versions of the software, Apache Struts, in the last six months of 2018. Close to 150 million people had their personal information stolen by hackers who broke into the credit reporting agency’s systems. Some of the data stolen included names, social security numbers, birth dates, and addresses. 

SEE ALSO: Everything you need to know about the massive Equifax data breach

Since the breach, there have been more than a dozen Struts patches released, with the most recent one being earlier this year. However, a majority of the biggest corporations in the country have downloaded the vulnerable versions. According to Sonatype, more than 18,000 businesses downloaded vulnerable versions of Struts.

On Tuesday, Sonatype announced that the company would be partnering with Equifax in order to help the credit reporting agency prevent future breaches. The company will monitor Equifax’s network-wide open source libraries.

In the fallout of the Equifax hack, a report came out showcasing just how preventable the breach was. Judging by Sonatype’s data, it seems like we may see at least a few more similarly preventable breaches in the future.

UPDATE: Jan. 29, 2019, 11:43 a.m. EST An earlier version of this article misstated the number of companies. It is two-thirds of Fortune 100 corporations, not Fortune 500.

Read More

Leave a Reply

Your email address will not be published.