Texas-based software company SolarWinds was the victim of a major hack recently that affected multiple government agencies and corporate clients. In a hearing before the House Oversight and Homeland Security Committees, the company’s former CEO blamed an intern that changed a company password to “solarwinds123.”
Gizmodo reports that there has been a new development in the SolarWinds hacking saga, with the company’s former CEO Kevin Thompson blaming the hack partly on a company intern and an insecure server.
In a joint hearing on Friday, Thompson told representatives from the House Oversight and Homeland Security Committees that one SolarWinds server was protected by a very simple password: “solarwinds123.”
Thompson alleged that this was “related to a mistake an intern made, and they violated our password policies.” Thompson further explained that the intern posted the password on their own private GitHub account. “As soon as it was identified and brought to the attention of my security team, they took that down,” Thompson said.
The password issue dates back to at least 2018 although testimony provided by SolarWinds on Friday appears to indicate that it could go back even further. Security researcher Vinoth Kumar told Reuters that he warned SolarWinds that anyone could access its update server using the “solarwinds123” password in December. According to CNN, the password was accessible online since at least June 2018.
However, at the hearing, SolarWinds’ current CEO, Sudhakar Ramakrishna, told lawmakers that the password was used on one of the intern’s servers in 2017.
Rep. Katie Porter (D-CA) told SolarWinds officials at the hearing: “I’ve got a stronger password than ‘solarwinds123′ to stop my kids from watching too much YouTube on their iPad.”
It is still unclear whether or not the password leak played a role in the SolarWinds hack, but Kumar did demonstrate to SolarWinds previously that the insecure password allowed him to log in and place a file on the SolarWinds update server, which is how so many SolarWinds managed systems were infiltrated during the hack.
The hack is still being investigated and it’s unclear what data hackers gained access to. The investigation will likely continue for several months. Kevin Mandia, the CEO of FireEye, the cybersecurity firm that discovered the hack, stated that the full scope of the attack may never be known.
“The bottom line: We may never know the full range and extent of damage, and we may never know the full range and extent as to how the stolen information is benefitting an adversary,” Mandia said.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org