Solarwinds sends customers each others' complete client lists Software company Solarwinds, which sells IT management tools, has infuriated customers after a faulty alert exposed customers' entire client lists to their competitors. An unspecified issue affecting the Texas-based business' RemoteManagement tool, which it gained after acquiring Dundee-based LogicNow, led to a mass leaking of …
Hopefully your just having a laugh.. but if not....
Although while not a direct attack, knowing the naming conventions of systems within a targets environment is generally a great step forward in gaining unauthorised access to a system. Being able to call in to said target and being able to reel off a list of machine names etc will more than likely assist with a social engineering attack by often proving enough familiarity with the network to gain trust.
I would be very angry if any customer I looked after had had their details leaked knowing what could be on the way after such a breach of information. And before anyone says it wasn't sent to external customers. Do you want your systems security safe guarded by a competitor? Or do you trust them not to accidently let your details "slip" to the wider world?
I would be very angry if any customer I looked after had had their details leaked knowing what could be on the way after such a breach of information.
if I were a Solarwinds customer in this case, I'd be worried what level of legal liability I would have to my customers if their data was involved in this.
"if I were a Solarwinds customer in this case, I'd be worried what level of legal liability I would have to my customers if their data was involved in this."
Well, Solarwinds won't be worrying too much. They are in Texas and almost certainly have something in their contracts stating that all legal actions must take place in a Texas court. And well know how that works out, especially for foreign companies going after not just a US company, but a real live Texas company.
That's a case in point. It was a dedicated NHS system so the 'damage' was contained with in the NHS.
Aside from a deliberate act, there's no conceivable way that, say, everyone's data can be sent to BUPA. However if they both used a shared third-party cloud platform, you cannot make such an assertion.
has been uncovered devoted to scamming Talk Talk customers.
http://www.bbc.co.uk/news/technology-39177981
Some data breaches are so serious, there *has* to be restitution to the affected.
(We'll gloss over how I predicted this would happen back in Nov 2015 ...)
Its not an uncommon event it seems.
They sent me an invoice last year, and besides mine the emailed PDF contained EVERY invoice on their system... quite a large file with all their customers details... tut tut.
I duly let them know... and nothing, not even an acknowledgement.
Steve
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
