It looks as if the cut and paste is still working: it was only a few customers' data released.
Solarwinds sends customers each others' complete client lists
Software company Solarwinds, which sells IT management tools, has infuriated customers after a faulty alert exposed customers' entire client lists to their competitors. An unspecified issue affecting the Texas-based business' RemoteManagement tool, which it gained after acquiring Dundee-based LogicNow, led to a mass leaking of …
COMMENTS
-
-
Monday 6th March 2017 16:58 GMT Anonymous Coward
@GingerOne
Hopefully your just having a laugh.. but if not....
Although while not a direct attack, knowing the naming conventions of systems within a targets environment is generally a great step forward in gaining unauthorised access to a system. Being able to call in to said target and being able to reel off a list of machine names etc will more than likely assist with a social engineering attack by often proving enough familiarity with the network to gain trust.
I would be very angry if any customer I looked after had had their details leaked knowing what could be on the way after such a breach of information. And before anyone says it wasn't sent to external customers. Do you want your systems security safe guarded by a competitor? Or do you trust them not to accidently let your details "slip" to the wider world?
-
Monday 6th March 2017 17:05 GMT djack
Re: @GingerOne
I would be very angry if any customer I looked after had had their details leaked knowing what could be on the way after such a breach of information.
if I were a Solarwinds customer in this case, I'd be worried what level of legal liability I would have to my customers if their data was involved in this.
-
Tuesday 7th March 2017 00:48 GMT John Brown (no body)
Re: @GingerOne
"if I were a Solarwinds customer in this case, I'd be worried what level of legal liability I would have to my customers if their data was involved in this."
Well, Solarwinds won't be worrying too much. They are in Texas and almost certainly have something in their contracts stating that all legal actions must take place in a Texas court. And well know how that works out, especially for foreign companies going after not just a US company, but a real live Texas company.
-
-
-
-
-
-
Monday 6th March 2017 17:03 GMT djack
Re: The Cloud...
That's a case in point. It was a dedicated NHS system so the 'damage' was contained with in the NHS.
Aside from a deliberate act, there's no conceivable way that, say, everyone's data can be sent to BUPA. However if they both used a shared third-party cloud platform, you cannot make such an assertion.
-
-
-
Monday 6th March 2017 17:24 GMT JimmyPage
And in other news, an industrial size call centre
has been uncovered devoted to scamming Talk Talk customers.
http://www.bbc.co.uk/news/technology-39177981
Some data breaches are so serious, there *has* to be restitution to the affected.
(We'll gloss over how I predicted this would happen back in Nov 2015 ...)
-
-
Tuesday 7th March 2017 16:54 GMT Steve Potter
Been there done that.
Its not an uncommon event it seems.
They sent me an invoice last year, and besides mine the emailed PDF contained EVERY invoice on their system... quite a large file with all their customers details... tut tut.
I duly let them know... and nothing, not even an acknowledgement.
Steve