Deloitte Pwned…. Secret Emails & Plans Exposed

The Guardian has details on yet another epic hack. This time it’s consulting firm Deloitte who got pwned by hackers. And the way that the hackers got in screams of amateur hour in their IT department:

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.

The account required only a single password and did not have “two-step“ verification, sources said.

So, let me simplify this for you. The administrator account allows a user to do anything they want. Usually, this account is disabled, or has some sort of strong protection such as two factor authentication to ensure that this exact scenario does not happen. Those protections were clearly not in place. Thus they got pwned. Another issue is the fact that the attackers had access to this email system for months. So who knows what they got away with? Finally, the time it took to disclose this is problematic. There really needs to be more transparency on that front.

Here’s what’s ironic about all of this. In 2012, Deloitte was ranked the best cybersecurity consultant in the world. But clearly in the five years since that award, things have slipped at the firm.

Pity.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: