Technology
Hackers access files of US-based cyber security firm
San Francisco, July 28
Using an email address and password mistakenly exposed on the Internet, a hacker gained access to the internal files of US-based cyber security company Comodo, bringing the credibility of the company under question.
The credentials were found in a public GitHub repository owned by a Comodo software developer, TechCrunch reported on Saturday.
The account was not protected with two-factor authentication and with the email address and password in hand, the hacker could enter the company's Microsoft-hosted Cloud services.
The leaked credentials were discovered by a Netherlands-based security researcher Jelle Ursem who reached out to Comodo Vice-President Rajaswi Das.
According to Ursem, the account allowed him to access internal Comodo files, including sales documents and spreadsheets in the company's OneDrive and the company's organisation graph on SharePoint, allowing him to see the team's biographies, contact information, like phone numbers and email addresses, photos, customer documents and calendar.
Screenshots of folders containing agreements and contracts with several customers -- with names of customers in each filename, such as hospitals and US state governments.
"Seeing as they're a security company and give out Secure Sockets Layer (SSL) certificates, you'd think the security of their own environment would come above all else," the report quoted the Userm as saying.
Earlier this year Ursem found a similarly exposed set of internal Asus passwords on an employee's GitHub public account.
The credentials were found in a public GitHub repository owned by a Comodo software developer, TechCrunch reported on Saturday.
The account was not protected with two-factor authentication and with the email address and password in hand, the hacker could enter the company's Microsoft-hosted Cloud services.
The leaked credentials were discovered by a Netherlands-based security researcher Jelle Ursem who reached out to Comodo Vice-President Rajaswi Das.
According to Ursem, the account allowed him to access internal Comodo files, including sales documents and spreadsheets in the company's OneDrive and the company's organisation graph on SharePoint, allowing him to see the team's biographies, contact information, like phone numbers and email addresses, photos, customer documents and calendar.
Screenshots of folders containing agreements and contracts with several customers -- with names of customers in each filename, such as hospitals and US state governments.
"Seeing as they're a security company and give out Secure Sockets Layer (SSL) certificates, you'd think the security of their own environment would come above all else," the report quoted the Userm as saying.
Earlier this year Ursem found a similarly exposed set of internal Asus passwords on an employee's GitHub public account.
20 minutes ago
Uttar Pradesh: Case filed against American national for entering India without valid documents
22 minutes ago
Trump, Netanyahu, Meloni among 13 world leaders featured on Iran's "revenge list"
23 minutes ago
"Get ready for sudden death": Iran issues chilling warning after Trump ally's demise
25 minutes ago
US Senator Lindsey Graham passed away due to 'aortic dissection', says preliminary medical report
36 minutes ago
Houthi TV reports Saudi airstrikes on Sanaa airport
5 hours ago
Vidhatri Bandi recalls losing her father just days before filming 'Max, Min and Meowzaki': Was devastatingly numb
5 hours ago
Keanu Reeves opens up on life lesson he got from bike racing
5 hours ago
New ‘Batwara 1947’ poster symbolises hope and resilience in turbulent times
5 hours ago
Anu Malik on working with Hema Malini in ‘three films’: Those memories will always remain close to my heart
5 hours ago
Shilpa Shetty: Gratitude has always been the bedrock of my life
5 hours ago
Shriya Pilgaonkar, Supriya Pilgaonkar plant 1,500 saplings to create a mini forest for birds
5 hours ago
Hilary Duff on being a part of people’s childhood: A badge of honour
5 hours ago
Harshad Chopda becomes the reason behind Shivangi Joshi’s tears
