
"Kazanov discovered a folder called 'DevOps_Handoff' on the company-wide intranet that any employee could access, containing a spreadsheet with sensitive credentials."
"The lead engineer revealed that the password for the file was based on the company name and the year, making it relatively easy to guess."
"The existence of the spreadsheet was a temporary solution to a disagreement between the internal DevOps team and an external DBA team regarding password management."
A fintech startup invested over $1 million in a security system but failed to protect sensitive information adequately. During an audit, a folder named 'DevOps_Handoff' was found on the company intranet, accessible to all employees. Inside was a password-protected spreadsheet containing root DB credentials and AWS IAM keys. The password was easily guessable, and the file had been in existence for eight months due to a disagreement between internal and external teams over password management solutions.
Read at The Register