April 27, 2010, 9:58AM
Splunk Inadvertently Exposes User Passwords
2 Comments
The passwords of customers on Splunk.com were revealed after some debug
information leaked on to its production servers. The debug code exposed
users passwords to Splunk.com as clear text, the company said. Read the full article. [The Register]
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
- Yahoo Includes Private Key in Source File For Axis Chrome Extension
- FBI Warns Top Firms Of Anonymous Protest Hacks on May 25
- Researchers Unveil New Way to Trust Certificates
- DNSChanger Lingers: 330k Systems Still Infected, 77,000 In The U.S.
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
Most Commented Stories
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
23%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
27%
I don’t pay attention to how I access the internet while traveling
13%
Total votes: 71
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
Is this really news worthy? From TFA:
"We have no reason to believe that the information was exposed to anyone other than the small subset of Splunk employees that have access to our internal Splunk deployment."
This is NOT newsworthy. The issue was just the passwords to the splunk.com website (not the product, not the user’s website, not the user’s data) which were seen by *5* splunk internal employees. Splunk recommended that user’s change their passwords. Again, this is just the user’s account for splunk.com which is just for tracking downloading of the free splunk product, and they were only seen by 5 splunk internal employees. All the files were internal, behind the firewall. No hackers, no public access, no data loss.
There is NOTHING dangerous about this at all. It’s absurd that Splunk is being maligned for doing the right thing.