Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy ‘login details leaked’ • The Register

https://www.google.fi/amp/s/www.theregister.co.uk/AMP/2017/09/26/deloitte_leak_github_and_google/

“Do not do like I do, do like what I say” type security consulting company of the year!

1 Comment

  1. Tomi Engdahl says:

    Nick Hopkins / The Guardian:
    Sources: 2016 Deloitte hack compromised server that contained emails of ~350 clients, including UN and several US government agencies — Exclusive: Cyber-attack was far more widespread than firm admits, say sources, with data from as many as 350 clients in compromised system

    Deloitte hack hit server containing emails from across US government
    https://www.theguardian.com/business/2017/oct/10/deloitte-hack-hit-server-containing-emails-from-across-us-government

    Exclusive: Cyber-attack was far more widespread than firm admits, say sources, with data from as many as 350 clients in compromised system

    The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, the Guardian has been told.

    Sources with knowledge of the hack say the incident was potentially more widespread than Deloitte has been prepared to acknowledge and that the company cannot be 100% sure what was taken.

    Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over.

    The Guardian has established that a host of clients had material that was made vulnerable by the hack, including:

    • The US departments of state, energy, homeland security and defence.

    • The US Postal Service.

    • The National Institutes of Health.

    • “Fannie Mae” and “Freddie Mac”, the housing giants that fund and guarantee mortgages in the US.

    Football’s world governing body, Fifa, had emails in the server that was breached, along with four global banks, three airlines, two multinational car manufacturers, energy giants and big pharmaceutical companies.

    Deloitte did not deny any of these clients had information in the system that was the target of the hack, but it said none of the companies or government departments had been “impacted”. It said “the number of email messages targeted by the attacker was a small fraction of those stored on the platform”.

    This assurance has been contested by sources that spoke to the Guardian. They said Deloitte’s public position belied concern within the company about exactly what had happened and why.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*