US cyber security firm Comodo caught unawares as hacker accessed and kept its files in public repository

Dark web

An anonymous hacker got access to internal files of US-based cybersecurity company Comodo, headquartered in Clifton, New Jersey. By using an email address and password mistakenly exposed on the Internet, the attacker gained access and raised questions on the credibility of the cybersecurity company.

As reported by TechCrunch the credentials were found in a public GitHub repository owned by a Comodo software developer.

Notably, the account was not protected with two-factor authentication and with the email address and password in hand, it became vulnerable to cyber attacks as the hacker could get easy entry into the company's Microsoft-hosted Cloud services.

It was the Netherlands-based security researcher Jelle Ursem, who first discovered the leaked credentials on the internet and then reached out to Comodo's Vice-President Rajaswi Das.

The researcher, Ursem also revealed that the account allowed him to access internal files of the cybersecurity company that includes sales documents and spreadsheets in the company's OneDrive and Comodo's organisation graph on SharePoint.

He also mentioned that he was also could see the team's biographies, contact information, such as phone numbers and email addresses, personal details, including photos, customer documents and calendar. It also showed screenshots of folders which includes agreements as well as contracts with several customers and their names in each filename, such as hospitals and US state governments.

Earlier this year, Ursem also found a similarly exposed set of internal Asus passwords on an employee's GitHub public account. In this case, made public in May, it was revealed that a group of cybercriminals have targeted the open-source software development platform, GitHub and almost 100 of the developers have had the Git source code repositories wiped out and replaced with a ransom demand.

This article was first published on July 29, 2019