Breach!

If you don’t know the name, SolarWinds, that’s about to change.

SolarWinds is a software company that provides tools for management data networks that are used by many large companies and US government agencies.

The problem? SolarWinds was hacked by Russian intelligence services more than eight months ago. The hack was only discovered this month. Basically, corporations, Federal agency, state and local agencies, and private foundations that use their software have had secrets shipped to Moscow. That may include sensitive personal information on your healthcare and finances. It was there for the taking if the Russians wanted it.

The Russians expanded the damage by using the SolarWinds hack to penetrate and steal threat detection tools from a major Internet security form, FireEye. From there, they hacked Google and Gmail (see below), and the Verizon subsidiary, Yahoo, as well as the Pentagon and US Treasury.

For you, Blue Cross and Blue Shield was listed as a SolarWinds client (see list below), and that means that Independence Blue Cross, Horizon Blue Cross and a host of other health insurers are probably compromised. This could be the largest HIPAA violation since that law was passed.

Google and its Gmail is compromised. If you sent a message to a gmail subscriber, you may have gotten a bounceback that the email account doesn’t exist — even if you are simply replying to a message your received. That happened to me this week (no, I don’t used gmail for business or personal messages, just for calendar management).

SolarWinds is trying to cover its tracks by deleting a list of customers from its website.(2) However, SolarWinds claims that Federal agencies and 450 of the the Fortune 500 companies are clients. MSN published a partial list of SolarWinds customers before SolarWinds took their list down.

The Trump administration has done next to nothing to protect the US from hacking by Russia, China, or anyone else. They compounded that inaction by firing the director of the office charged with dealing with cyberterrorism, because he disagreed with the president about the integrity of the recent election.

Now we are seeing the cost of lax management.

Here are some of the companies into which Russian intelligence has gained access. The list includes credit cards, retailers, car manufacturers, cosmetics and personal grooming, cable-TV services, telephone companies, electric utilities, museums and universities. Your data were available for the taking. Whether the Russians wanted it or not is up to them.

Apple users can take heart. We know that Microsoft and Google were hacked, but there is no evidence that Apple was involved at this time.

Bottom line: you need to change ALL passwords on all of your accounts NOW!

Partial list of SolarWinds customers courtesy of MSN

Sources:

  1. https://www.nbcnews.com/tech/security/russian-hacking-campaign-highlights-supply-chain-vulnerabilities-n1251187
  2. https://www.theverge.com/2020/12/15/22176053/solarwinds-hack-client-list-russia-orion-it-compromised
  3. https://www.marketwatch.com/story/massive-solarwinds-hack-may-have-exposed-americas-biggest-secrets-01608076875
  4. https://www.kxan.com/news/local/austin/austin-based-solarwinds-at-center-of-massive-us-government-hack/
  5. https://spectrumlocalnews.com/tx/san-antonio/news/2020/12/14/austin-based-solarwinds-unwitting-conduit-for-foreign-hack-of-u-s–government-agencies–report-
  6. https://www.msn.com/en-us/news/world/hacked-solarwinds-software-firm-s-customer-list-includes-cdc-hundreds-from-fortune-500/ar-BB1bUxZj

6 comments

  1. Don’t know about changing all passwords – I have more than 100 passwords for all sorts of accounts. Hopefully, as in past responsible organizations will notify me if they find they have been breached and new passwords are needed.

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.