Contributor
Posts: 82
Registered: ‎05-04-2008
0 Kudos

EQ Hacked Because didn't update Apache Software: Bloomberg

https://www.bloomberg.com/news/articles/2017-10-02/ex-equifax-ceo-says-human-tech-failures-allowed-b...

 

Wow, basically back in March they had Apache software that needed a security patch. The Department of Homeland Security notified them and they just never did it. The actual hack sounds like it was months later.

 

Hope this leads to some changes, where companies realize the financial impact of security breaches and start running tighter ships. I mean, such a basic thing.

 

 

5/08 EQ 696.....9/13 EQ 796.....9/17 EX 824, EQ 843
Amex Blue Cash 15K || PenFed Cash Rewards 18K || Chase Freedom 12K || Cap1 Quicksilver 15K || Amazon Prime 3.8K || Citi Double Cash 10.8K
Valued Contributor
Posts: 1,090
Registered: ‎01-17-2012
0 Kudos

Re: EQ Hacked Because didn't update Apache Software: Bloomberg

"Smith plans to tell lawmakers Tuesday he’s ‘deeply sorry’" That's nice of him..

 

Hey Smith how about telling all of America you're 'deeply sorry'.

Amex Green • Amex BCP • Amex HH (Surpass®) • Barclay Rewards • Chase World of Hyatt • Capital One Quicksilver • Discover it • PENFED Platinum Rewards • Marvel MC • Amazon Store • Kohls Store • CL $92,130 • Car Loan (PENFED) 1.99%

FICO® 8 Scores 790+
Community Leader
Valued Contributor
Posts: 1,865
Registered: ‎09-28-2014
0 Kudos

Re: EQ Hacked Because didn't update Apache Software: Bloomberg


Cprman wrote:

https://www.bloomberg.com/news/articles/2017-10-02/ex-equifax-ceo-says-human-tech-failures-allowed-b...

 

Wow, basically back in March they had Apache software that needed a security patch. The Department of Homeland Security notified them and they just never did it. The actual hack sounds like it was months later.

 

Hope this leads to some changes, where companies realize the financial impact of security breaches and start running tighter ships. I mean, such a basic thing.

 

 


"The Apache Software Foundation had issued a patch for the flaw in March, two months before hackers began accessing sensitive information on Equifax’s servers on May 13."

 

This Bloomberg article from Sept. 29 indicates Equifax was hacked much earlier than May 13, as in March 10, and adds some conspiracy theory:

The Equifax Hack Has the Hallmarks of State-Sponsored Pros

 

  • Nike Zheng, a Chinese cybersecurity researcher from a bustling industrial center near Shanghai, probably knew little about Equifax or the value of the data pulsing through its servers when he exposed a flaw in popular backend software for web applications called Apache Struts. Information he provided to Apache, which published it along with a fix on March 6, showed how the flaw could be used to steal data from any company using the software. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation.
  • Before long, hackers had penetrated Equifax. They may not have immediately grasped the value of their discovery, but, as the attack escalated over the following months, that first group—known as an entry crew—handed off to a more sophisticated team of hackers. They homed in on a bounty of staggering scale: the financial data—Social Security numbers, birth dates, addresses and more—of at least 143 million Americans. By the time they were done, the attackers had accessed dozens of sensitive databases and created more than 30 separate entry points into Equifax's computer systems. The hackers were finally discovered on July 29, but were so deeply embedded that the company was forced to take a consumer complaint portal offline for 11 days while the security team found and closed the backdoors the intruders had set up.

That the "entry crew" that found Equifax had not installed the Apache fix for the vulnerability once found what they had and then handed it off to a "more sophisticated team of hackers" would indicate state-sponsored hacking. I've suspected that, because there have been no known attempts to use the information so far. Criminal hackers, like the "ransomware" folks, would be tripping over themselves in attempts to get rich off the data. State-sponsored hackers, the Chinese or Russians, would be content to sit on it, deciding how they could best use it to exert influence over the U.S. Oh, and this:

 

  • "Eventually the intruders installed more than 30 web shells, each on a different web address, so they could continue operating in case some were discovered. Groups known to exploit web shells most effectively include teams with links to Chinese intelligence, including one nicknamed Shell Crew. Some investigators within Equifax reached the conclusion that they were facing Chinese state hackers relatively quickly after analyzing the Moloch data, according to a person briefed on those discussions. If the Equifax breach was a purely criminal act, one would expect at least some of the stolen data, especially the credit card numbers that were taken, to have showed up for sale on the black market. That hasn't happened".

And one other thing - not only do the hackers have credit & personal info on 145 million Americans, they most likely have the credit & personal info on Trump, his family, his Cabinet officials, and every member of Congress.

 

 

 

 


Fico 08: 720/721/719 TU/EX/EQ
