Deloitte Hacked – Client Emails, Usernames & Passwords Leaked


It seems to be non-stop lately, this time it’s Deloitte Hacked, which has also revealed all kinds of publically accessible resources that really should be more secure (VPN, RDP & Proxy services).

Deloitte Hacked - Client Emails, Usernames & Passwords Leaked


The irony is that Deloitte positions itself as a global leader in information security and offers consulting services to huge clients all over the planet, now it seems they don’t take their own advice. Honestly this is not all that uncommon, it’s human nature to leave your own stuff last as it doesn’t directly impact revenue or value (until you get hacked).

One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.

Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

The Guardian understands Deloitte Hacked clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing.

Source: The Guardian


After the Deloitte Hack was revealed a whole bunch of people starting poking around and found a scary amount of fairly private information and resources exposed on the public Internet, easily connected to RDP instances, proxy details posted on an employees Google+ account and VPN servers.

To be fair, Deloitte is a HUGE multi national company and I’d imagine different countries and even cities within countries will have vastly different levels of technological competence and security.

On top of these potential leaks of corporate login details, Deloitte has loads of internal and potentially critical systems unnecessarily facing the public internet with remote-desktop access enabled. All of this gear should be behind a firewall and/or with two-factor authentication as per industry best practices. And likely the best practices Deloitte recommends to its clients, ironically.

“Just in the last day I’ve found 7,000 to 12,000 open hosts for the firm spread across the globe,” security researcher Dan Tentler, founder of Phobos Group, told The Register today. “We’re talking dozens of business units around the planet with dozens of IT departments showing very different aptitude levels. The phrase ‘truly exploitable’ comes to mind.”

For example, he found a Deloitte-owned Windows Server 2012 R2 box in South Africa with RDP wide open, acting as what appears to be an Active Directory server – a crucial apex of a Microsoft-powered network – and with, worryingly, security updates still pending installation. Other cases show IT departments using outdated software, and numerous other security failings.

Honestly, it’s not really surprised – I think if you started profiling and poking around any of the huge companies you’d find a whole lot of things that aren’t supposed to be on the public Internet – even the ones that offer extremely expensive information security services like Deloitte.

It also comes not long after the Equifax Data Breach and the news of Time Warner Hacked.

Source: The Register

Posted in: Hacking News

, ,


Latest Posts:


OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.


Comments are closed.