SolarWinds blames intern for weak passwords breach

Data Breach
(Image credit: Shutterstock)

Troubled software firm SolarWinds may have had more security issues than previously thought after admitting a severe security lapse in password protection.

During a court hearing into the company's failings that led to a major cyberattack affecting the likes of the US government and Microsoft, it was revealed that a password for a company file server was leaked and discovered online.

And in an embarassing revelation for the company, the password was revealed to be the easily-guessable "solarwinds123".

Passwords 101

In an apparent attempt to pass the buck, SolarWinds leadership past and present blamed the shortcomings on an unidentified intern, claiming that once spotted, the issue was corrected within days, but were roundly rebuked by US lawmakers overseeing the case.

"I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad," Representative Katie Porter said. "You and your company were supposed to be preventing the Russians from reading Defense Department emails!"

When confronted during the case by Representative Rashida Tlaib, CNN reported that former SolarWinds CEO Kevin Thompson claimed the password issue was "a mistake that an intern made."

"They violated our password policies and they posted that password on an internal, on their own private Github account," Thompson said. "As soon as it was identified and brought to the attention of my security team, they took that down."

To add further embarassment, SolarWinds CEO Sudhakar Ramakrishna later admitted that the password had been in use as early as 2017, stating, "I believe that was a password that an intern used on one of his Github servers back in 2017...which was reported to our security team and it was immediately removed."

The "solarwinds123" password was discovered online by an independent security researcher back in 2019, months before the company became the epicentre of a global cyberattack that has been called the “largest and most sophisticated attack the world has ever seen.” 

The breach involved SolarWinds Orion network monitoring software, which is used by an estimated 18,000 customers. As well as multiple private companies being affected, nine federal agencies were also compromised, with the US Department of Energy and the National Nuclear Security Administration among those targeted.

Thousands of software developers are thought to have been involved in the attack, which used 4,032 lines of code, and is thought to have been carried out from within the US - although it is still believed that Russia was ultimately responsible for the cyberattack.

Easily-guessable passwords and other credentials are one avenue of investigation for the case into how SolarWinds was hacked, along with compromised third-party software, or pure brute-force attacks on the company's network.

Via CNN

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.