Comodo’s files exposed due to employee negligence

Comodo’s files exposed due to employee negligence
The Siliconreview
29 July, 2019

Cybersecurity is a major concern, especially in light of the ongoing trend of globalization and growth in the IT sector. While some cyber-attacks are carried out in spite of meticulous security measures, every once in a while there is an attack that happens due to sheer negligence on part of the victims. That is exactly what happened at Comodo, a leading cybersecurity firm.

A security researcher managed to gain access to sensitive files and other company information by using login credentials accidentally exposed on the internet, enabling anyone who knew where to look potential access to Comodo’s information. The credentials were found on a Github repository that belonged to one of the developers at Comodo. Github repositories are often used by programmers to store their code online. However, it is not uncommon for developers to upload other files online, some of which may contain sensitive information.

The security researcher contacted a senior executive of the company to notify him about the risk, following which the login credentials were changed and the information removed from the online repository. The login id and password gave the researcher access to reports of sales, and personal information of various employees which included phone numbers, email addresses, and more.

The interesting thing about this incident is the fact that Comodo is a cybersecurity company which is supposed to help its clients prevent these things from happening. It goes on to show that however effective security measures get, a major lapse could come from just a small oversight.