Authorization

SolarWinds told Congress that an intern used the password 'solarwinds123' in 2017, but experts say it was likely a bigger issue

SolarWinds told Congress that an intern used the password 'solarwinds123' in 2017, but experts say it was likely a bigger issue

SolarWinds CEO Sudhakar Ramakrishna testifies Tuesday on Capitol Hill.
Photo by Demetrius Freeman-Pool/Getty Images




SolarWinds told Congress that using the password 'solarwinds123' was an intern's mistake.




A key researcher told Insider the log-in information was posted publicly on GitHub for years.




Cybersecurity experts say the issue appears to represent more than an intern's weak password.




Visit the Business section of Insider for more stories.


Two SolarWinds CEOs told the US Congress on Friday that the now-infamous exposure of the password "solarwinds123" was the result of an intern's mistake in 2017. Those new statements shine a light on a cybersecurity lapse that has posed questions about the sweeping cybersecurity attacks for several months. Five cybersecurity experts tell Insider they believe the issue has broad cybersecurity implications beyond an intern's weak password. Among the experts is the researcher who discovered the issue, which involved the log-in information to a server used for software updates. An email that appears to be from SolarWinds' security team to that researcher notes that information was "publicly accessible" that the company addressed "exposed credentials." The SolarWinds cybersecurity attacks used software updates to invade the computer networks of nine major US agencies and thousands of companies in historic and sweeping supply chain attacks. The origin of the attacks has not been found, and lawmakers' scrutiny of the matter of the password on Friday ultimately served to raise new questions about the Texas-based IT company's own cybersecurity practices. Former CEO Kevin Thompson and current CEO Sudhakar Ramakrishna addressed the House Oversight committee, where they answered questions about the weak password, news of which was first widely reported in December.
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«    Апрель 2021    »
ПнВтСрЧтПтСбВс
 1234
567891011
12131415161718
19202122232425
2627282930