Raphael Satter and Christopher Bing have a somewhat mind-boggling update to the SolarWinds hack – a hack that will be remembered as one of the biggest and most concerning hacks of 2020.
And it’s only likely to get worse for SolarWinds, whose stock has already dropped significantly. We know that companies can recover from breaches and stock values often rebound, but there are different revelations about SolarWinds’ security that may make people a bit more reluctant to ever trust them again. Reuters reports:
Experts are reviewing their notes to find old examples of substandard security at the company. Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”.
“This could have been done by any attacker, easily,” Kumar said.
Others – including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress – noticed that, even days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.
Read more on Reuters.
Can SolarWinds recover and come back stronger than ever? I would hope so.
Update: See this great thread on Twitter about how not to jump to the wrong conclusions based on comments like Kumar’s.