Over 10,000 companies downloading software vulnerable to Equifax hack

Unpatched Apache Struts instances are still out there in large quantities.

Even after a massive data breach allowed hackers to steal the personal information of 148 million Equifax customers, thousands of companies are still using the software that made the breach possible. 

According to Fortune, Maryland-based cybersecurity firm Sonatype identified as many as 10,801 organizations that have downloaded an old version of Apache Struts — the same free, open-source software that hackers exploited to swipe the names, social security numbers, birthdays, addresses and other identifiers from Equifax’s databases. 

Of the organizations that downloaded the vulnerable version of the software, seven were Fortune Global 100 tech companies, eight were Fortune Global 100 automakers, and 15 were Fortune Global 100 financial services or insurance firms, according to Fortune.

The Apache Software Foundation has released seven patched versions of the software since March 2017. Apache Struts is used as an app building tool, and usually as a framework for online payment systems. 


According to ZDNet, over half of the Fortune Global 100 companies are using the vulnerable version of Apache Struts. 

The Equifax breach led to probes by members of Congress and the resignation of former chief executive Richard Smith. The company was accused of not updating its computer systems and of withholding information about the extent of the breach.
