Even government-trusted companies aren’t immune to bad password habits. Here’s what your organization can do to avoid a similar incident.
U.S. IT firm SolarWinds experienced a software hack in 2020 that is only now being fully uncovered. After gaining access to the SolarWinds software, hackers added malicious code, which was then sent to SolarWinds customers during routine software updates. At this point, hackers could gain access to the customers’ IT systems, deploying more malware to spy on these organizations and their sensitive data. Among these customers? The U.S. Treasury.
The hack was first reported by Reuters in December of 2020 after going undetected for months. According to Reuters, the suspected culprits are Russian hackers.
New reports peg the catalyst of the incident on a weak password created by an intern: solarwinds123.
Find out why passwords can be the weakest link in your company security and what you can do about it in our latest white paper.
What info might have been compromised?
According to SolarWinds’s report to the SEC, around 18,000 customers installed software with the malicious code—including high profile customers, such as Fortune 500 companies and branches of the U.S. government.
The data that may have been compromised in the hack is still under investigation, however the U.S. Treasury has reported that emails and internal networks were hacked into.
Why is this such a big deal?
There are multiple implications with the SolarWinds hack. The researcher who initially discovered the leaked password told CNN that it had been available online since at least June 2018, until it was fixed in November 2019. For a company providing IT services, this oversight is enough to cause serious reputational damage. And because the malware went undetected for so long, it’s possible that companies may never know if they were affected by this hack or not. In fact, the full extent of the damage caused by this hack may never be known.
According to Dashlane’s own CTO, Frederic Rivain, “As we’ve seen in the SolarWinds incident, securing a company’s perimeter is not enough. With the explosion of SaaS services and APIs that we all use, there’s a domino effect. As a company, you need to have oversight into the security practices of your providers and partners, as they could result in an indirect incident and still hurt your own reputation.”
What businesses should do
A bad password should never be the cause of a hack or a breach—but unfortunately, weak, reused, or stolen employee passwords still cause the majority of business hacks and breaches. The good news is that a simple, cost-effective solution exists: a password manager.
Try Dashlane for your business and start improving your company’s passwords for free. Get started by finding the plan that’s right for you.
What employees and interns should do
If your organization does not use a password management solution, the change can start with you. A password manager makes life online simpler—not just at work but at home, too.
Read our full guide on building a case for a password manager to find out more about setting your company up with total password protection.