Technology
Hackers access files of US-based cyber security firm
San Francisco, July 28
Using an email address and password mistakenly exposed on the Internet, a hacker gained access to the internal files of US-based cyber security company Comodo, bringing the credibility of the company under question.
The credentials were found in a public GitHub repository owned by a Comodo software developer, TechCrunch reported on Saturday.
The account was not protected with two-factor authentication and with the email address and password in hand, the hacker could enter the company's Microsoft-hosted Cloud services.
The leaked credentials were discovered by a Netherlands-based security researcher Jelle Ursem who reached out to Comodo Vice-President Rajaswi Das.
According to Ursem, the account allowed him to access internal Comodo files, including sales documents and spreadsheets in the company's OneDrive and the company's organisation graph on SharePoint, allowing him to see the team's biographies, contact information, like phone numbers and email addresses, photos, customer documents and calendar.
Screenshots of folders containing agreements and contracts with several customers -- with names of customers in each filename, such as hospitals and US state governments.
"Seeing as they're a security company and give out Secure Sockets Layer (SSL) certificates, you'd think the security of their own environment would come above all else," the report quoted the Userm as saying.
Earlier this year Ursem found a similarly exposed set of internal Asus passwords on an employee's GitHub public account.
The credentials were found in a public GitHub repository owned by a Comodo software developer, TechCrunch reported on Saturday.
The account was not protected with two-factor authentication and with the email address and password in hand, the hacker could enter the company's Microsoft-hosted Cloud services.
The leaked credentials were discovered by a Netherlands-based security researcher Jelle Ursem who reached out to Comodo Vice-President Rajaswi Das.
According to Ursem, the account allowed him to access internal Comodo files, including sales documents and spreadsheets in the company's OneDrive and the company's organisation graph on SharePoint, allowing him to see the team's biographies, contact information, like phone numbers and email addresses, photos, customer documents and calendar.
Screenshots of folders containing agreements and contracts with several customers -- with names of customers in each filename, such as hospitals and US state governments.
"Seeing as they're a security company and give out Secure Sockets Layer (SSL) certificates, you'd think the security of their own environment would come above all else," the report quoted the Userm as saying.
Earlier this year Ursem found a similarly exposed set of internal Asus passwords on an employee's GitHub public account.
3 minutes ago
Boman Irani feted with South Asian Film Association award for his directorial debut ‘The Mehta Boys’
1 hour ago
'Prem naam hai mera..': Bollywood 'bad man' who made his name a catchphrase
1 hour ago
Raghav Juyal: ‘Yudhra’ role had impacted me on a psychological level
1 hour ago
‘Record breaking Stree’ Shraddha celebrates film’s success with her ‘magic girls’
2 hours ago
Ayushmann, Pashmina’s vibrant new poster for Garba song ‘Jachdi’ unveiled
2 hours ago
Kajol pens birthday note for 'beautiful goddess' momma Tanuja as she turns 81
2 hours ago
Esha Deol travels by Vande Bharat: Taking a train ride after a really long time
2 hours ago
Lyricist Manoj Muntashir pays tribute to Dinkar on his 116th birth anniversary
2 hours ago
Piyush Goyal to meet leading Australian and Indian CEOs, discuss investment avenues
2 hours ago
Apple iPhone 16 series receive overwhelming response in India, Pro models lead the pack
2 hours ago
Sensex trades at all-time high, Bharti Airtel and SBI top gainers
2 hours ago
Investors prefer regular hefty returns, tax benefits post Covid: Report
2 hours ago
PM Modi pushing us to make AI work for people: Google’s Sundar Pichai