
Besides Equifax, what other recent hacks were exploited by open source? - tgit
I know that Equifax was exploited through a vulnerability in the Apache Struts component, but I wanted to know what other recent hacks were also due to open source. I&#x27;d say most companies just reveal they&#x27;ve been hacked as opposed to clearly specifying what part of the code was hacked.
======
mtmail
MongoDB servers with no password security got attacked, their data stolen and
told to pay bitcoin to get the data back.
[https://twitter.com/0xdude/status/813865069218037760](https://twitter.com/0xdude/status/813865069218037760)
There were reports that companies paid (the bitcoin address is open and so are
transactions). Similar for Elasticsearch, Cassandra, CouchDB databases. I
think it counts as misconfiguration rather than exploit when no passwords were
set (or default passwords).

