Security Breaches can Happen Anywhere
A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet.
The credentials were found in a public GitHub repository owned by a Comodo software developer. With the email address and password in hand, the hacker was able to log into the company’s Microsoft-hosted cloud services. The account was not protected with two-factor authentication.
How it Happened
Ursem told TechCrunch that the account allowed him to access internal Comodo files and documents, including sales documents and spreadsheets in the company’s OneDrive — and the company’s organization graph on SharePoint, allowing him to see the team’s biographies, contact information including phone numbers and email addresses, photos, customer documents, calendar, and more.
“This is a security company and gave out SSL certificates. You’d think that the security of their own environment would come first above all else,” said Ursem. But according to Ursem, he wasn’t the first person to find the exposed email address and password.
“This account is being hacked by somebody else, who is sending out spam,” he told TechCrunch. He shared a screenshot of a spam email that had been sent out, purporting to offer tax refunds from the French finance ministry.
It’s the latest example of exposed corporate passwords found in public GitHub repositories, where developers store code online. All too often developers upload files inadvertently containing private credentials used for internal-only testing. Researchers like Ursem regularly scan repositories for passwords and report them to the companies, often in exchange for bug bounties.
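A check a developer could run before pushing, to catch the kind of hard-coded email address and password described above. It is an added example, not part of the original article; the key names, placeholder list and sample file are constructed assumptions, and the matching is heuristic.

```python
import re

# Key names treated as credential fields (assumed naming conventions).
SECRET_KEY = re.compile(
    r"""(?i)\b([\w.-]*(?:password|passwd|pwd|secret|token)[\w.-]*)["']?\s*[:=]{1,2}\s*["']?([^\s"'#]+)"""
)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Values that point at a secret store or are obvious placeholders, not literals.
PLACEHOLDER = re.compile(
    r"(?i)\$\{?\w+\}?|os\.environ.*|.*getenv.*|process\.env.*|<.*>|changeme|none|null"
)


def find_exposed_credentials(path, text):
    """Return findings for literal secrets; the secret value is never echoed."""
    findings = []
    lines = text.splitlines()
    for n, line in enumerate(lines, 1):
        m = SECRET_KEY.search(line)
        if not m or PLACEHOLDER.fullmatch(m.group(2)):
            continue
        # A password with an email address nearby is a ready-to-use login.
        nearby = "\n".join(lines[max(0, n - 4): n + 3])
        email = EMAIL.search(nearby)
        findings.append({
            "file": path,
            "line": n,
            "key": m.group(1),
            "email": email.group(0) if email else None,
            "severity": "high" if email else "medium",
        })
    return findings


# Constructed sample file contents, not real credentials.
SAMPLE = '''\
# constructed test settings
SMTP_HOST = "smtp.example.test"
LOGIN_EMAIL = "dev@example.test"
LOGIN_PASSWORD = "Summer2019!"
DB_PASSWORD = os.environ["DB_PASSWORD"]
api_token: ${API_TOKEN}
'''

if __name__ == "__main__":
    for f in find_exposed_credentials("settings.py", SAMPLE):
        print(f"{f['file']}:{f['line']} {f['severity']} {f['key']} (email: {f['email']})")
```

A finding on a file that was already pushed means the password has to be rotated, since removing it in a later commit leaves it in the repository history.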