Oct 23, 2020 9:27:42 AM
The target: MAXEX, an Atlanta-based residential mortgage trading company.
The take: 9 GB of internal company and client data, including confidential banking information, login credentials, emails, penetration test reports, and full mortgage documentation for 23 individuals.
The attack vector: The breach took place due to an unsecured, publicly exposed Jenkins server. A server of this type is used in a variety of highly sensitive activities in the operation and development of software applications. Notably in this breach, MAXEX had stored login credentials in plain text, and those credentials carried enough permissions to compromise many of its other systems.
This breach highlights the importance of properly securing data. Furthermore, it underscores the critical importance of credential management, as a compromise in one system can easily lead to a pivot to other systems, which can have a cascading negative impact on company and client data.
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.