A critical vulnerability was disclosed. A patch was released the same day. Equifax was warned directly. The patch was never applied. Two months later, attackers walked through the door — and spent seventy-six days inside a system holding 147 million Social Security numbers. Episode 5 covers the full 2017 Equifax breach — the Apache Struts vulnerability, the scanner that missed, the certificate that was blind for over a year, the breach response that made everything worse, and the PLA indictment that revealed what the stolen data was really for. 

0:00 — Introduction
0:42 — What Is Equifax
1:17 — The Data You Never Chose to Give
1:42 — Growth vs. Security
2:05 — ACIS: A 1970s System on the Public Internet
2:25 — CVE-2017-5638: The OGNL Injection
4:19 — The Missed Scan
5:37 — The Honour System
6:16 — CEO vs. Committee
6:37 — May 13th: The Door Opens
7:13 — No Walls: Lateral Movement
8:20 — The Harvest: 147 Million Records
9:31 — The Expired Certificate
10:45 — Found by Accident
11:09 — The Response Timeline
12:35 — The Response That Made Everything Worse
13:52 — Insider Trading
14:28 — Executive Departures
14:52 — The Settlement
15:34 — PLA Attribution
16:23 — The Intelligence Mosaic
17:05 — Entirely Preventable
17:47 — Closing

Full technical breakdown: zerodaylogs.com