- A security researcher told Reuters he warned the IT firm SolarWinds in 2019 that its “solarwinds123” password for its update server could be accessed by anyone.
- “This could have been done by any attacker, easily,” Vinoth Kumar told the outlet, which reported that experts are now working to identify weak security points in the company’s system that could have led to the attack.
- SolarWinds suffered a massive hack when attackers plugged malicious code into the company’s software, which was then distributed to 18,000 of its 300,000 clients.
- It’s unclear which customers specifically were targeted, but its customer base includes Fortune 500 firms and government agencies.
- The Trump administration confirmed that hackers had infiltrated key networks, including the US Treasury and the Commerce Department. The State Department and the Department of Homeland Security have also been confirmed as victims.
- Visit Business Insider’s homepage for more stories.
A security researcher said he warned SolarWinds in 2019 that the IT company’s update server could be accessed by using the password “solarwinds123,” according to a Tuesday Reuters report.
The revelation comes days after a massive hack of the Austin-based SolarWinds was made public, an attack that has since been confirmed to have infiltrated US government agencies. According to Reuters, experts are now tracing their steps to identify any weak security points that hackers could have taken advantage of. Security expert Vinoth Kumar told Reuters that he warned the company last year about setting the password for a secure server as “solarwinds123.”
Kumar told the publication that “this could have been done by any attacker, easily.” SolarWinds did not immediately respond to Business Insider’s request for comment.
The attack specifically involved hackers plugging malware into the IT company’s Orion software, which was later distributed to about 18,000 clients.
It's unclear which clients specifically were affected by the hack, but SolarWinds has more than 300,000 clients, many of which are Fortune 500 companies including Microsoft, AT&T, and McDonald's, as well as government agencies. The Trump administration acknowledged that the hackers had indeed gained access to official networks, including the US Treasury. The Department of Homeland Security and the State Department are also confirmed to have been hacked.
As Business Insider's Aaron Holmes reported, the hackers were able to spy on the companies and federal agencies for months, free to peruse victims' files and private communications sent by the top brass of the US government. They gained access in March, as the COVID-19 pandemic first began setting into the US, and were able to steal data undetected. The hack was just made public this week, and US authorities directed clients running the Orion software to disconnect from it.
The orchestrators of the hack are believed to be located in Russia, according to Reuters.