Experts Comments On Leaked Internal Passwords On Pastebin

Krebs is reporting that Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers. Orvis says the exposure was inadvertent, and that many of the credentials were already expired.

Experts have commented below.

Jonathan Deveaux, Head of Enterprise Data Protection, comforte AG
November 13, 2019
Orvis is fortunate that no reports of customer data were leaked.
Each newly reported data breach or data exposure incident brings to light how much access some employees have, and also, what are some not-so-well-known places where exposed data or credentials may show up (Pastebin?). Some privileged employees may certainly have a need or directive to possess ‘keys to the technology kingdom.’ They may also find it challenging to keep the dozens of user name ....
James McQuiggan, Security Awareness Advocate, KnowBe4
November 13, 2019
It is more effective to have a proper password management system for organisations.
Keeping track of passwords within the business gets complex when you’re using local accounts. It’s important to have a centralised identity and access management system to protect not only user accounts, but also devices like routers, switches and firewalls. Using local or shared accounts requires some type of repository to store the credentials and when these are accidentally posted in uncon ....
