Comodo Publicly Exposes Passwords

Despite constant warnings about securing passwords, businesses still fail to implement proper network security. Comodo, a cybersecurity platform that offers SSL certificates and other services, had many of its internal documents exposed when one of its passwords was left publicly accessible on the internet.

Data Exposed for the Taking

An email address and password for the company’s Microsoft-hosted cloud service were left exposed on GitHub, a development platform that allows people to host and review code, manage projects, and build software. In this case, the email and password were in a repository owned by a Comodo software developer. A hacker was able to find the credentials and log in to the cloud services to find:

  • Sales documents
  • Spreadsheets
  • Organizational graphs containing staff members’ emails and phone numbers
  • Customer contracts

A security researcher found the vulnerability and determined that the hacker had already accessed the information and had been attacking people by sending out spam. After the researcher notified Comodo Vice President Rajaswi Das, the email and password were soon removed.

Importance of Password Protection

The Director of Forensics at SecureForensics explained that when a hacker has access to your email, they can connect that email to several other accounts such as your social media. When an email is linked to and used for other sites or internal business models, it is not difficult for a hacker to find personally identifiable information on an employee or business.

Creating unique and strong passwords is a must for every account and email address you have. A password manager such as LastPass can generate random passwords and remember the password for each of your accounts. Using two-factor authentication also helps prevent a hacker from accessing your sensitive information. Securing your business or individual accounts is not to be taken lightly, because an easily guessable password is all it takes to expose your entire life on the web.

Storing Sensitive Data on a Secure Device

GitHub has already figured in a few data breaches, such as Uber’s internal credentials being exposed in 2016 and a third-party site using emails from a list of previously hacked online services to log in to people’s GitHub accounts. One of the common themes here is storing information on online platforms. In many cases, individual employees stored internal information on these public sites.

Using hardware-encrypted physical storage has many advantages over online sites and even software-based encryption. The SecureDrive BT can only be unlocked by entering a password using the mobile app. It offers two-factor authentication for an added layer of security, which was reportedly one of the features that Comodo lacked. It can also be unlocked using FaceID or TouchID to personalize the unlocking process.

For employee use, the drives are remote-management ready, with geo- and time-fencing so the device can only be opened at predetermined times and places. The drives’ many features ensure that internal company information is kept in the proper hands and stored using a device that eliminates data leaks. For more information on our hardware-encrypted storage solutions, call 1-800-875-3230.