Equifax used Custers' defence for data breach

12 September 2017


Blame the Apache

The mainstream press has been claiming that open source software is to blame for the Equifax data breach but it is starting to look like it might not know what it is talking about.

The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to equity research firm Baird. The firm's source, per one report, is believed to be Equifax.

Apache Struts is a popular open source Model-View-Controller (MVC) web framework for Java. However, it is not a vendor software product, and it is unproven that Struts was the source of the hole the hackers drove through.

Several headlines, which have now been retracted, are based on a single quote by a non-technical analyst from an Equifax source.

Open source advocates have taken to the web to hit out at Equifax, saying that its own data breach checker is useless and untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, like a bogus, phishing-type site: "equifaxsecurity2017.com".

That impression is reinforced by the first thing the site asks for: the last six figures of your social security number and your last name.

So why has Struts been identified as the cause of the breach? Two days before the Equifax breach was reported, a new and significant Struts zero-day security problem was announced.

However, Equifax admitted hackers had broken in between mid-May and July, long before the most recent Struts flaw was revealed.

This probably means that if the problem was indeed with Struts, it was a separate but equally serious security flaw in Struts, one that was first patched in March.

ZDNet pointed out that the question then becomes: is it the fault of the Struts developers, or of Equifax's developers, system admins, and their management?
"The people who ran the code with a known 'total compromise of system integrity' should get the blame", reports ZDNet.

Last modified on 12 September 2017