![]() Orvis did not respond to follow-up requests for comment via phone and email the last two email messages sent by KrebsOnSecurity to Orvis were returned simply as “blocked.” ![]() That finding was corroborated by 4iq.com, a company that aggregates information from leaked databases online. However, according to Hold Security founder Alex Holden, this enormous passwords file was actually posted to Pastebin on two separate occasions last month, the first being on Oct. “We are leveraging our existing security tools to conduct an investigation to determine how this occurred.” “The file contains old credentials, so many of the devices associated with the credentials are decommissioned and we took steps to address the remaining ones,” Kimball said. Reached for comment about the source of the document, Orvis spokesperson Tucker Kimball said it was only available for a day before the company had it removed from Pastebin. In late October, this author received a tip from Wisconsin-based security firm Hold Security that a file containing a staggering number of internal usernames and passwords for Orvis had been posted to Pastebin. The company has approximately 1,700 employees, 69 retail stores and 10 outlets in the US, and 18 retail stores in the UK. ![]() and founded in 1856, privately-held Orvis is the oldest mail-order retailer in the United States. Orvis says the exposure was inadvertent, and that many of the credentials were already expired.īased in Sunderland, VT. ![]() Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |