Source: Bleeping Computer
“Deloitte, one of the world’s biggest accounting, auditing, and corporate finance consulting firms, has suffered a data breach.
The breach, according to a UK newspaper citing an inside source, took place in around October or November 2016 but was not detected until after six months, in March 2017.
The hackers allegedly broke in after managing to take over one of the email server admin accounts. The hack was facilitated because the admin user did not use two-factor authentication for the account.
“In a hack of this scale, criminals or spies will continue to reap dividends years down the road,” Kenneth Geers, senior research scientist at Comodo told Bleeping Computer via email.
“The attack has gone on for at least six months, so the hackers may have been able to cover their tracks and/or install backdoors for future use,” Geers added. “An admin username and password to a global email server is like a digital Swiss Army knife to corporate and client secrets. It is inexcusable for such an admin account not to have two-factor authentication.”
For starters, the personal information of every US voter was leaked; the Social Security numbers of more than a hundred million Americans were stolen; and a slew of retail businesses exposed untold amounts of your financial data. And when it was all said and done, what did we learn? Well, mostly that corporations are still terrible at keeping our sensitive information safe.”