The Register® — Biting the hand that feeds IT

Feeds

Users' passwords exposed by Splunk

Regrets the error

By Gavin Clarke in San Francisco, 26th April 2010
  • print
  • alert

Cloud based data management

Updated Splunk, a kind of Google for business technology that boasts it can help reinforce your security, has exposed the details of major customers to hackers following a web site slip up.

The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users passwords to Splunk.com as clear text, the company said. The site contained the emails and user names customers had used to register with Spluk.

Splunk has reset all affected users' passwords in what it called an "abundance of caution", and purged the log files and indexes of users' active sessions on Splunk.com. It advised customers to change the temporary password as soon as possible.

Also, Splunk urged those who used their Splunk.com password on other systems or web sites to also change those passwords.

That should mean around half of Splunk users affected should have to change: a survey of web users' habits in the UK alone in January found 46 per cent use the same password for most web-based accounts. Five percent use the same password for every site.

The company notified customers through a letter and on its blog. According to the blog: "We have no reason to believe that the information was exposed to anyone other than the small subset of Splunk employees that have access to our internal Splunk deployment."

It said a "small number of passwords" were exposed in the web server’s error log.

Splunk has 1,750 customers including BT, Cisco, LikedIn, Nasa, Visa and the US Department of Energy. Its software is downloaded from the web and is used as a search, monitor and reporting tool that crawls through the raw data on applications, hardware and network systems.

Splunk searches logs, configurations, messages, alerts, scripts and metrics on a variety of systems. According to the company's site: "With Splunk you can troubleshoot application outages, investigate security incidents, and demonstrate compliance in minutes, not hours or days." ®

This article has been updated to explain the type of customer information contained in the Splunk.com site.

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

COMMENTS

House Rules Send Corrections
All Reader Comments (18)
Highly Rated
Gary F

Idiots

A security company keeping passwords of users? And in the clear? I will give them a free piece of invaluable advice. Store a hash of the password, never the password itself. There is absolutely no reason why any system would need to keep the password on file - except to increase the risk of exposing sensitive information or to use it for criminal activity.

5
1
Havin_it

Just can't take the article seriously

with that name. Seriously, who saluted that one when they ran it up the flagpole?

And, please, any discussion of "internal Splunk deployment" should be kept in the Netherlands where it belongs.

Then again it might make a good (and it's really about time we had one) generic verb/noun for an enterprise privacy breach. As in: "I don't believe it, BT have splunked my credit card details all over the place!" etc.

5
1
johnmark

Some facts

Just to clear up some misconceptions...

1. Last week, due to some temporary debug code that was promptly removed, we discovered that some splunk.com users’ passwords inadvertently appeared in our internal web server logs.

2. No one’s password was accessible from the internet or the splunk.com web site, and we took immediate steps to purge the confidential information from our internal system logs.

3. Our internal IT team that monitors the Splunk.com site logs are the only employees who would have temporarily been able to see these passwords.

4. This applies only to passwords on our web site, splunk.com, and did not impact anyone’s deployment of Splunk software or the data stored in customers’ instances of Splunk.

5. We proactively reset all potentially affected users’ passwords; cleared all of these users’ active sessions on splunk.com; purged the information from all internal log files; and then notified all affected users, sending them a new temporary password. This was a precaution.

No, we don't normally leave clear text passwords in the logs - web monkeys have been appropriately flogged.

Feel free to ask me any questions or see the updated blog post here: http://blogs.splunk.com/2010/04/24/splunk-com-password-leak/

Thanks,

John Mark Walker

Splunk Community Guy

2
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
136
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
61
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17