FireEye’s Post Mortem: Analyst Didn’t Change Passwords

Mandiant Analyst’s Personal Credentials Were Scattered All Over the Web

It’s a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst’s personal online accounts was enabled by the employee’s continued use of compromised login credentials.

The broad lesson from FireEye’s recounting of the attack is startling and clear: Even one of the most prominent cybersecurity companies has trouble ensuring its employees follow the most pedestrian security advice for their personal online accounts.

The attackers – a group calling itself 31337 – did not breach the company’s corporate network or the analyst’s computers but instead breached several of his personal online accounts, FireEye says. But 31337 did find and release three corporate documents from those accounts. FireEye has notified the two affected customers (see Hacker Group 31337 Dumps Data Stolen From Mandiant Analyst).

The breach illustrates a widely known risk: employees using personal accounts for work-related business. The security of those documents and information is then dependent on the security practices of the user, which may not meet the standards required on a corporate network.

But the inappropriate use of personal accounts is difficult to stop. Users often lean toward convenience over security when trying to get work done.
