CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 26th, 2010

Splunk.com Exposed Clear Text Users Passwords During Server Error

Splunk, a kind of Google for business technology that boasts it can help reinforce your security, has exposed the accounts of major customers to hackers following a web site slip-up.

The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users' passwords to Splunk.com as clear text, the company said.

Splunk has reset all affected users’ passwords in what it called an “abundance of caution”, and purged the log files and indexes of users’ active sessions on Splunk.com. It advised customers to change the temporary password as soon as possible.

Also, Splunk urged those who used their Splunk.com password on other systems or web sites to also change those passwords.

That should mean around half of the affected Splunk users will have to change passwords elsewhere: a survey of web users’ habits in the UK alone in January found 46 per cent use the same password for most web-based accounts. Five per cent use the same password for every site.

The company notified customers through a letter and on its blog. According to the blog: “We have no reason to believe that the information was exposed to anyone other than the small subset of Splunk employees that have access to our internal Splunk deployment.”

It said a “small number of passwords” were exposed in the web server’s error log.
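The failure mode described here, debug output writing submitted credentials into an error log, can be blocked at the logging layer and audited after the fact. The following is an added example, not Splunk's code or part of the original article: it uses Python's standard `logging` module, and the field-name pattern and the sample data are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumed credential field names; extend to match the application's own forms.
_KEY = r"\w*(?:passw(?:or)?d|pwd|secret|token)\w*"
# key=value (form/query style) or "key": "value" (JSON/dict-repr style).
_PAIR = re.compile(
    r"(?i)([\"']?\b" + _KEY + r"[\"']?\s*[=:]\s*)"
    r"(\"[^\"]*\"|'[^']*'|[^\s&,;})]+)"
)

def scrub(text):
    """Replace the value of every credential-like key with a fixed marker."""
    return _PAIR.sub(r"\1[REDACTED]", text)

class RedactingFormatter(logging.Formatter):
    """Scrub the fully rendered record: message, %-args and traceback text."""
    def format(self, record):
        return scrub(super().format(record))

def find_leaks(lines):
    """Return 1-based numbers of log lines that still hold a clear-text value."""
    return [n for n, line in enumerate(lines, 1) if scrub(line) != line]

def demo():
    """Send a constructed debug dump and an exception through the formatter."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(message)s"))
    log = logging.getLogger("login-demo")
    log.handlers = [handler]
    log.propagate = False
    log.setLevel(logging.DEBUG)
    params = {"username": "alice", "password": "hunter2"}  # constructed sample
    log.debug("POST /login params=%s", params)
    try:
        raise ValueError("auth backend rejected password=hunter2")
    except ValueError:
        log.exception("login failed")  # traceback text is scrubbed as well
    return buf.getvalue()

if __name__ == "__main__":
    print(demo())
```

Because `scrub` is idempotent, `find_leaks` can be run over existing error logs to locate lines that need purging without flagging entries that were already redacted.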

Splunk has 1,750 customers including BT, Cisco, LinkedIn, NASA, Visa and the US Department of Energy. Its software is downloaded from the web and is used as a search, monitor and reporting tool that crawls through the raw data on applications, hardware and network systems.

Credit: The Register
