Equifax Breach: Everyone is Compromised
On 7th September 2017, the company announced that hackers had breached its systems, compromising the identities of around 144 million people, which is approx. 44% of the population so far. Equifax is a public company, like Experian and TransUnion, that manages consumer credit monitoring and reporting. Equifax manages information on around 800 million individual consumers and more than 88 million businesses worldwide. On that dreadful day, they announced that their security had been compromised and that they had lost a lot of consumer data. The breach ran from mid-May until June this year, and they confirmed that approx. 29 thousand credit details were extracted by the hackers in that attack. It was also disclosed that people from the United Kingdom and Canada were caught up in the impact, making it the biggest data breach in history.
As for the attack, it was later revealed that the hackers found a vulnerability in Equifax's web application. The attackers exploited the weakness known as CVE-2017-5638, which is an Apache Struts vulnerability. The vulnerability can be exploited by interfering with the Jakarta Multipart parser upload function on an Apache server, and it can be used to create a malicious request on that Apache web server. This vulnerability was publicly disclosed by experts from Cisco Talos, and proof of malicious code was made public. The flaw caused a spike in activity across the internet and was used to deliver the Cerber ransomware to vulnerable servers.
After the vulnerability was disclosed, quick action was taken, and it was patched by the end of March. The Apache spokesman told the Reuters agency that a patch was available, but that the Equifax security team lacked alertness: they failed to apply the patch to their system at that time, which violated their policy of applying patches within 48 hours, and this became the sole reason they were compromised.
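The patching gap described above comes down to knowing which deployed applications still ship an affected Struts build. The following is an added example, not code from the original article or from Apache or Equifax: it checks a list of jar paths against the affected ranges for CVE-2017-5638. The ranges (2.3.5 to 2.3.31 and 2.5 to 2.5.10, fixed in 2.3.32 and 2.5.10.1) come from the Apache Struts advisory S2-045 rather than from this article, and the file paths are constructed sample data.

```python
import re

# Affected ranges for CVE-2017-5638 per Apache Struts advisory S2-045
# (assumption: taken from the advisory, not from the article).
AFFECTED = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '2.5.10.1' into (2, 5, 10, 1)."""
    return tuple(int(part) for part in text.split("."))


def pad(version, width=4):
    """Right-pad with zeros so 2.5.10 and 2.5.10.1 compare correctly."""
    return version + (0,) * (width - len(version))


def is_affected(version):
    v = pad(parse_version(version))
    return any(pad(lo) <= v <= pad(hi) for lo, hi in AFFECTED)


def audit(paths):
    """Return (path, version, affected) for every struts2-core jar found."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            version = match.group(1)
            findings.append((path, version, is_affected(version)))
    return findings


# Constructed inventory, e.g. the output of a file search on an app server.
SAMPLE_PATHS = [
    "/opt/apps/portal/WEB-INF/lib/struts2-core-2.3.30.jar",
    "/opt/apps/reports/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/opt/apps/billing/WEB-INF/lib/struts2-core-2.5.10.1.jar",
    "/opt/apps/intranet/WEB-INF/lib/struts2-core-2.3.32.jar",
    "/opt/apps/intranet/WEB-INF/lib/commons-fileupload-1.3.2.jar",
]

if __name__ == "__main__":
    for path, version, affected in audit(SAMPLE_PATHS):
        print("VULNERABLE" if affected else "ok", version, path)
```

Jars bundled under a different file name or repackaged inside another archive are not caught by a file-name check, so a result of "ok" here only covers the paths that were listed.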
Days after the breach was announced, the U.S. Federal Trade Commission (FTC), which investigated the incident, warned that many hackers are using the technique called social engineering to make people give up their standard information.
Shortly after the breach became known worldwide, many hackers set up websites on the Tor network in order to blackmail Equifax for a ransom of 600 Bitcoins (approx. 3 million 570 thousand USD). It was good news for Equifax that, after numerous investigations, the sites and hackers turned out to be fakes taking advantage of the situation, and all were shut down. After that hoax, a new band of hackers came into the limelight calling themselves Equihax, claiming that they had the breach data and were going to release it on their website badtouchyonqysm3[.]onion (either do not visit or use the Tor network). The hackers claimed they had not been expecting such a pile of important data and needed to monetize it as soon as possible. After the week of writing, they published a website and started crowdfunding to collect around 600 Bitcoins or 8400 Ethereum to release the precious data. They also offered to release 1 million of data for 4 Bitcoin (approx. 23 thousand USD). Equihax also released a couple of leaked records of Donald Trump, Kim Kardashian and Bill Gates, with some screenshots as proof of the authenticity of their leaked data. This also turned out to be a scam, as the information was already available on the internet before the breach and the screenshots provided were photoshopped.
After the news of the Equifax breach was out, the company lost most of its reputation and credibility. Equifax faced a lot of criticism for not disclosing the breach sooner. When asked, they commented that they needed time to analyze the scope of the intrusion and to determine how much data had been compromised.
Now Equifax has created a site where individuals can find out whether they are victims of the breach, and the company is trying really hard to fix its reputation.
After going through a lot of articles, I came to the conclusion that Equifax will do everything in their power to fix their vulnerability and credibility, but I don’t think they will take any initiative for the leaked data. Equifax is not just a credit reporting agency; it is also a data broker that collects our information, analyzes it and sells it to others, such as the bank that is lending you a loan, the corporation that is going to hire you, the landlord whose place you are renting and even the government. For Equifax, we are not their customers; we are a product for them. And it's not just Equifax: there are thousands of brokers collecting our information whom we have never heard of or come in contact with. If we are a victim and our information is compromised, we cannot do anything about the standard information, but we can get rid of old credit or debit card information and ask for a new card to protect us from any fraud in the future.