Deloitte Hacked and Critical Data of Clients Stolen by Hackers
Hackers compromised its global server through an “administrator account”
On 25th September, Deloitte revealed that it had suffered a major cybersecurity breach in the past year.
The mainstream global accounting firm, one of the “Big Four”, revealed that it was hit by a cybersecurity breach that may have lasted from October 2016 to March 2017.
According to reports, hackers may have stolen usernames, passwords, IP addresses, architectural diagrams for businesses, health information and personal details of its blue-chip clients. The hackers compromised its global server through an “administrator account”, which required only a password and did not have any two-step authentication.
Only a handful of Deloitte’s most senior partners and lawyers were informed about the attack. Although it is unclear who was behind the attack, Deloitte has been investigating the breach in its email servers for the past six months.
Ankush Johar, director of BugsBounty.com, said: “This reveal simply makes it clear that even the most cyber-aware organisations can be breached via leveraging a single tiny loophole. Although absolute security is too utopian, organisations should still have regular audits at every possible entry point as even a slight crack in the biggest of the dams can make it crumble in no time.
“It may not be possible for individual teams to maintain each and every brick in the wall and check it regularly; hence, most organisations are shifting to crowd-sourced security models for a single reason - it works! The US DoD, Army and Air Force are clear examples of how large-scale organisations can benefit from crowd-sourcing their security. The meta is shifting; it might be better to shift with it instead of lagging behind.
“Other organisations must take this as a lesson and make sure proper policies are implemented well across their infrastructure and, more importantly, that they are regularly audited. Moreover, even with all security checks in place, it’s extremely important to make sure that proper alarm bells are in place, so that, even if cybercriminals find a way through, which they eventually will, it doesn’t take months for your SOC team to even discover the breach. Preventing post-exploitation is as important as avoiding a breach because it’s not about if you will get hacked, it’s about when and how quickly you will be able to mitigate.”
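The two defensive points the article raises, a privileged account protected only by a password and the absence of "alarm bells" that would surface such logins, can be turned into a concrete check. The script below is an added example, not code from Deloitte, BugsBounty.com or the article; it parses a few constructed authentication log lines (the field layout, the account names and the IP addresses are all invented for illustration) and reports every successful privileged login that completed without a second factor, together with the list of privileged accounts that should be forced onto MFA.

```python
"""Flag single-factor privileged logins in authentication logs (added example).

Assumed log format (constructed for this example): one event per line,
an ISO timestamp followed by key=value fields for user, role, mfa, result, src.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample events; the accounts and addresses are not real.
SAMPLE_LOG = """\
2016-10-02T03:14:07Z user=svc-mailadmin role=admin mfa=no result=success src=198.51.100.23
2016-10-02T03:15:41Z user=jdoe role=user mfa=yes result=success src=203.0.113.8
2016-10-03T22:01:09Z user=svc-mailadmin role=admin mfa=no result=success src=198.51.100.23
2016-10-04T09:12:55Z user=asmith role=admin mfa=yes result=success src=203.0.113.40
2016-10-05T01:47:30Z user=svc-mailadmin role=admin mfa=no result=failure src=192.0.2.77
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: str
    user: str
    role: str
    mfa: bool
    success: bool
    src: str


def parse_line(line: str) -> AuthEvent:
    """Parse one constructed log line into an AuthEvent."""
    ts, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return AuthEvent(
        ts=ts,
        user=kv["user"],
        role=kv["role"],
        mfa=kv["mfa"] == "yes",
        success=kv["result"] == "success",
        src=kv["src"],
    )


def parse_log(text: str) -> list[AuthEvent]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def single_factor_admin_logins(events: list[AuthEvent]) -> list[AuthEvent]:
    """Successful privileged logins with no second factor: each one is an alert.

    Failed attempts are left out here because they belong to a separate
    brute-force detection; what matters for this rule is that an admin
    session was actually established with a password alone.
    """
    return [e for e in events if e.role == "admin" and e.success and not e.mfa]


def accounts_needing_mfa(events: list[AuthEvent]) -> list[str]:
    """Privileged accounts seen authenticating without MFA (success or not)."""
    return sorted({e.user for e in events if e.role == "admin" and not e.mfa})


def summarize(text: str) -> dict:
    """Run both checks over a log and return a report suitable for a SOC queue."""
    events = parse_log(text)
    alerts = single_factor_admin_logins(events)
    return {
        "events": len(events),
        "alerts": len(alerts),
        "alert_users": sorted({e.user for e in alerts}),
        "alert_sources": Counter(e.src for e in alerts),
        "accounts_needing_mfa": accounts_needing_mfa(events),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed sample the report shows two alerts, both for the service account that logged in with only a password, while the administrator who used MFA is not flagged. Running a rule like this continuously over real authentication logs is the kind of "alarm bell" the article calls for: a single-factor privileged login is visible on the day it happens rather than months later, and the accounts list gives the identity team a concrete enforcement target.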