Feeds

Users' passwords exposed by Splunk

Regrets the error

The essential guide to IT transformation

Updated Splunk, a kind of Google for business technology that boasts it can help reinforce your security, has exposed the details of major customers to hackers following a web site slip up.

The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users passwords to Splunk.com as clear text, the company said. The site contained the emails and user names customers had used to register with Spluk.

Splunk has reset all affected users' passwords in what it called an "abundance of caution", and purged the log files and indexes of users' active sessions on Splunk.com. It advised customers to change the temporary password as soon as possible.

Also, Splunk urged those who used their Splunk.com password on other systems or web sites to also change those passwords.

That should mean around half of Splunk users affected should have to change: a survey of web users' habits in the UK alone in January found 46 per cent use the same password for most web-based accounts. Five percent use the same password for every site.

The company notified customers through a letter and on its blog. According to the blog: "We have no reason to believe that the information was exposed to anyone other than the small subset of Splunk employees that have access to our internal Splunk deployment."

It said a "small number of passwords" were exposed in the web server’s error log.

Splunk has 1,750 customers including BT, Cisco, LikedIn, Nasa, Visa and the US Department of Energy. Its software is downloaded from the web and is used as a search, monitor and reporting tool that crawls through the raw data on applications, hardware and network systems.

Splunk searches logs, configurations, messages, alerts, scripts and metrics on a variety of systems. According to the company's site: "With Splunk you can troubleshoot application outages, investigate security incidents, and demonstrate compliance in minutes, not hours or days." ®

This article has been updated to explain the type of customer information contained in the Splunk.com site.

5 things you didn’t know about cloud backup

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.