KrebsOnSecurity reported that the sporting goods retail chain Orvis leaked a large number of internal credentials on Pastebin. The information remained on the site for a few weeks during the month of October before Orvis was notified by Hold Security about the file. Alex Holden, Hold Security’s founder, said that the file was posted on two separate occasions, once on October 4th and again on October 22nd. Orvis spokesperson Tucker Kimball stated, “The file contains old credentials, so many of the devices associated with the credentials are decommissioned and we took steps to address the remaining ones. We are leveraging our existing security tools to conduct an investigation to determine how this occurred.” Contained in the file were usernames and passwords in plaintext that Orvis has used for different services or security products.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.