Hackers target Deloitte. Clients’ confidential information leaked!

 


In the latest case of a cyber security leak, Deloitte, one of the ‘big four’ accountancy firms, was hacked, and usernames, passwords and other sensitive information were leaked to attackers.

Deloitte provides audit, tax, consulting, enterprise risk and financial advising services to more than 250,000 people in the world and is based in New York. The company also specializes in providing cyber security expertise to some of the biggest companies in the world.

The attackers gained access to one of Deloitte’s global email servers by hacking into one of the “administrative accounts”, which did not have two-factor authentication enabled. As a result, there was no second verification step when the hackers tried to access the servers. Deloitte has about 5 million emails in the Microsoft Azure cloud service. According to the company, only six clients have been notified of the breach, since it is still highly confidential.

Deloitte’s cyber security and incident response team discovered the hack in March 2017, but it is possible that the attackers had access to its systems since November 2016. “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cyber security and confidentiality experts inside and outside of Deloitte,” a spokesman said.

Since the breach, researchers have been searching the Internet to work out exactly how the hack could have happened. They found quite a few lapses in Deloitte’s security: VPN credentials on GitHub, proxy login credentials on Google+ (now removed), and thousands of hosts exposed on the Internet. On top of that, DNS servers and at least one Active Directory server with RDP open and pending Windows updates were also found. This is shocking because Deloitte is known for cyber security consulting, and chances are it will impact the firm’s reputation to a large extent.

This is yet another in a series of attacks beginning with Equifax, one of the three leading credit reporting companies in the US, which was hacked, putting the privacy of about 143 million people under threat.
