Splunk customers’ passwords revealed
 After some debug information leaked on Splunk organization servers, passwords of customers were revealed.
Mentioned organization indexes and makes searchable data from any application, server or network device in real time. Problem occurred when the debug code exposed user passwords in form of clear text. Security team reset all affected users passwords and purged the log files and indexes of users’ active sessions. They advised customers to change the temporary password as soon as possible. The company notified customers that information wasn’t exposed to anyone other than the small subset of employees. Also, they said that a small number of passwords were exposed in the web server’s error log. Splunk has 1,750 customers including BT, Cisco, LikedIn, Nasa, Visa and the US Department of Energy. Its software is downloaded from the web and is used for search, monitoring and reporting about IT resources. It searches logs, configurations, messages, alerts, scripts and metrics on a variety of systems. More detailed description of the news can be found on The Register web site. |
