Tuesday November 19, 2019
Home Lead Story Hackers Gain ...

Hackers Gain Access to Internal Files of US-Based Cyber Security Company

According to Ursem, the account allowed him to access internal Comodo files, including sales documents and spreadsheets in the company's OneDrive

0
//
cyber security, hackers
FILE - Security firm FireEye's logo is seen outside the company's offices in Milpitas, Calif. VOA

Using an email address and password mistakenly exposed on the Internet, a hacker gained access to the internal files of US-based cyber security company Comodo, bringing the credibility of the company under question.

The credentials were found in a public GitHub repository owned by a Comodo software developer, TechCrunch reported on Saturday. The account was not protected with two-factor authentication and with the email address and password in hand, the hacker could enter the company’s Microsoft-hosted Cloud services. The leaked credentials were discovered by a Netherlands-based security researcher Jelle Ursem who reached out to Comodo Vice-President Rajaswi Das.

According to Ursem, the account allowed him to access internal Comodo files, including sales documents and spreadsheets in the company’s OneDrive and the company’s organisation graph on SharePoint, allowing him to see the team’s biographies, contact information, like phone numbers and email addresses, photos, customer documents and calendar.

hackers, cyber security
According to Ursem, the account allowed him to access internal Comodo files, including sales documents and spreadsheets in the company’s OneDrive. Pixabay

ALSO READ: Email Attacks: IT Professionals Struggle in Spotting Suspicious Emails

Screenshots of folders containing agreements and contracts with several customers — with names of customers in each filename, such as hospitals and US state governments.

“Seeing as they’re a security company and give out Secure Sockets Layer (SSL) certificates, you’d think the security of their own environment would come above all else,” the report quoted the Userm as saying. Earlier this year Ursem found a similarly exposed set of internal Asus passwords on an employee’s GitHub public account. (IANS)

Next Story

Thousands Of Disney+ Accounts Hacked And Up For Sale On Dark Web

Hackers have hijacked thousands of Disney+ accounts and put them up for sale on the Dark Web

0
Hacked Disney+ accounts
Hackers have hijacked thousands of Disney+ accounts. Pixabay

As Disney garnered over 10 million subscribers for its online streaming service Disney+ on its first day of operation, reports have surfaced on Monday that hackers have already hijacked thousands of accounts and put them up for sale on the Dark Web.

ZDNet discovered several listings for Disney+ accounts on different underground hacking forums, selling for somewhere between $3 and $5.

The Disney+ launch was marred by technical issues and users reported being unable to stream their favourite movies and shows.

Several users reported losing access to their accounts.

“Many users reported that hackers were accessing their accounts, logging them out of all devices, and then changing the account’s email and password, effectively taking over the account and locking the previous owner out,” said the report on.

Disney was yet to comment.

In some cases, hackers gained access to accounts by using email and password combos leaked at other sites, while in other cases “the Disney+ credentials might have been obtained from users infected with keylogging or info-stealing malware”.

Researchers asked Disney+ to help users by rolling out support for multi-factor authentication and prevent more attacks.

Disney+ accounts sold on dark web
The hijacked Disney+ accounts are up for sale on dark web. Pixabay

On the very first day of release on November 12, Disney+ users collectively spent 1.3 million hours streaming and watching the content available to them on the platform for the first day of release.

As per reports, analysts projected that Disney+ would have anywhere between 10-18 million subscribers in its first year. Disney has signed up more than half of those projected numbers in 24 hours.

The service was launched in the US for $6.99 per month or $69 per year.

Also Read- Smart Bulbs Can Steal Personal Information Through Hacking

The company has announced the service will be launched in major European markets, including the UK, France, Germany, Italy, Spain and “a number of other countries in the region” on March 31 next year.

Earlier, Disney had said that it expected to spend about $1 billion in 2020 on original content for the platform and $2 billion by 2024. (IANS)