Faulty Equifax software used by many
There are 50,000 potential Equifaxes looming on the horizon.
Corporate America has been slow to update its open-source software, even in the wake of the Equifax hack that exposed 143 million people’s sensitive data, according to one of the central hubs for the free programs.
More than 50,000 organizations are using outdated and leaky versions of Apache, the software whose Struts app gave hackers a back door into Equifax — even though free fixes have been available for nine months, according to Sonatype, a firm that monitors downloads of open-source software like Apache.
“When you take on use of an opensource project, you’re outsourcing software development to strangers,” Sonatype Chief Executive Wayne Jackson told The Post.
“The thing that makes that even worse is the hacking community has an information advantage over the users of open source,” he added.
The Equifax hack is one of the largest in history. Experts project that people will feel the repercussions for decades to come, since it contains people’s Social Security numbers, addresses, credit card information and driver’s license numbers.
Equifax disclosed that it had been hacked from May to July, and that it was aware of the software flaws but hadn’t fixed them.
The company had been the target of other successful hacks going back to March, according to a Bloomberg report.
The news hasn’t gotten better since Equifax disclosed that it was hacked on Sept. 7.
Massachusetts filed a lawsuit against Equifax on Tuesday for failing to protect its citizens, making good on a promise from last week.