Expert Comments

Experts Comments On Orvis.com Leaked Internal Passwords On Pastebin

Expert(s): Security Experts
Expert(s): Security Experts

Krebs is reporting that Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was inadvertent, and that many of the credentials were already expired.

https://krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/

Experts have commented below.

Experts Comments

November 13, 2019
Jonathan Deveaux
Head of Enterprise Data Protection
comforte AG
Each newly reported data breach or data exposure incident brings to light how much access some employees have, and also, what are some not-so-well-known places where exposed data or credentials may show up (Pastebin?). Some privileged employees may certainly have a need or directive to possess ‘keys to the technology kingdom.’ They may also find it challenging to keep the dozens of user names and passwords securely managed, yet accessible, to perform their day-to-day responsibilities......Read More
Each newly reported data breach or data exposure incident brings to light how much access some employees have, and also, what are some not-so-well-known places where exposed data or credentials may show up (Pastebin?). Some privileged employees may certainly have a need or directive to possess ‘keys to the technology kingdom.’ They may also find it challenging to keep the dozens of user names and passwords securely managed, yet accessible, to perform their day-to-day responsibilities. But it is clear that organizations need additional data protections beyond access safeguards to ensure their ‘crown jewels’ are kept secured. Orvis is fortunate that no reports of customer data were leaked, as this 160-year-old retailer may have had to answer data privacy questions as cited in several regulations in jurisdictions in which they do business.  Read Less
November 13, 2019
James McQuiggan
Security Awareness Advocate
KnowBe4
Keeping track of passwords within the business gets complex when you’re using local accounts. It’s important to have a centralised identity and access management system to protect not only user accounts, but also devices like routers, switches and firewalls. Using local or shared accounts requires some type of repository to store the credentials and when these are accidentally posted in uncontrolled environments, it can open opportunities for unauthorised use, which can lead to.....Read More
Keeping track of passwords within the business gets complex when you’re using local accounts. It’s important to have a centralised identity and access management system to protect not only user accounts, but also devices like routers, switches and firewalls. Using local or shared accounts requires some type of repository to store the credentials and when these are accidentally posted in uncontrolled environments, it can open opportunities for unauthorised use, which can lead to intellectual property theft, identify theft or business email compromise. If a central repository needs to be used, it is more effective to have a proper password management system for organisations that is protected on the network and only accessible by authorised users.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts