Information Security News mailing list archives

An exposed password let a hacker access internal Comodo files


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 29 Jul 2019 09:57:17 +0000 (UTC)

https://techcrunch.com/2019/07/27/comodo-password-access-data/

By Zack Whittaker
TechCrunch
July 27, 2019

A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet.

The credentials were found in a public GitHub repository owned by a Comodo software developer. With the email address and password in hand, the hacker was able to log into the company’s Microsoft-hosted cloud services. The account was not protected with two-factor authentication.

Jelle Ursem, a Netherlands-based security researcher who found the credentials, contacted Comodo vice president Rajaswi Das by WhatsApp to secure the account. The password was revoked the following day.

Ursem told TechCrunch that the account allowed him to access internal Comodo files and documents, including sales documents and spreadsheets in the company’s OneDrive — and the company’s organization graph on SharePoint, allowing him to see the team’s biographies, contact information including phone numbers and email addresses, photos, customer documents, calendar, and more.

[...]
