This made the fringe cybersecurity news a few days ago: Deloitte got hacked. Again. And in a tremendously noobish way.
The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically from an internet-exposed Apache Solr server that was accessible with default credentials.
The hacker claims the stolen data includes email addresses, communications between intranet users, and internal settings.
The data is available for download to the hacking forum’s active users or those who have purchased credits.
Cyber Security News has a screenshot of the post from the forum, which we won’t be visiting, tyvm.
According to CSN, the compromised data includes email addresses and communications between intranet users, among other things. Deloitte told SecurityWeek an internal investigation “has found no threat to client data or other sensitive data related to this incident.”
A quick search of our archive reveals a few prior hacking incidents for Deloitte:
- Deloitte Tries To Play It Cool After Cyberattack
- Sony Hack Also Leaked Deloitte Salaries, Reveals Gender Gap*
The latter incident wasn’t Deloitte’s fault, to be fair. Sony got breached hard in 2014 and an ex-Deloitte employee who worked for Sony HR at the time just happened to have a spreadsheet with the 2005 salaries of 31,124 Deloitte employees. The sheet also contained race and gender data.
Just going to leave this here for Deloitte to pursue at their leisure.