Splunk Inadvertently Exposes User Passwords

The passwords of customers on Splunk.com were revealed after some debug
information leaked on to its production servers. The debug code exposed
users passwords to Splunk.com as clear text, the company said. Read the full article. [The Register]

The passwords of customers on Splunk.com were revealed after some debug
information leaked on to its production servers. The debug code exposed
users passwords to Splunk.com as clear text, the company said. Read the full article. [The Register]

Suggested articles

Discussion

  • Anonymous on

    Is this really news worthy? From TFA:

    "We have no reason to believe that the information was exposed to anyone other than the small subset of Splunk employees that have access to our internal Splunk deployment."

  • Anonymous on

    This is NOT newsworthy.  The issue was just the passwords to the splunk.com website (not the product, not the user’s website, not the user’s data) which were seen by *5* splunk internal employees.  Splunk recommended that user’s change their passwords. Again, this is just the user’s account for splunk.com which is just for tracking downloading of the free splunk product, and they were only seen by 5 splunk internal employees. All the files were internal, behind the firewall.  No hackers, no public access, no data loss.

    There is NOTHING dangerous about this at all. It’s absurd that Splunk is being maligned for doing the right thing.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.