Deloitte's 'Test your Hacker IQ' site fails itself after exposing database user name, password in config file

2020-11-05 08:28

A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking.

The site invites visitors to "Test Your Hacker IQ" by entering a username.

The deloittehackeriq.com domain was registered by Tank Design, a Massachusetts-based digital marketing firm, in 2015 and the site includes a 2015 Deloitte Development LLC copyright notice.

In a statement sent to The Register after this story was published, a spokesperson for Deloitte distanced the firm from the now-removed hacking contest site.

"The platform is hosted by a third-party and is distinct from any other Deloitte system; there is no impact to any other Deloitte system. The site has not been actively used since 2015 and has now been taken down. We remain vigilant in assessing this incident and other potential cyber threats. We are deeply committed to maintaining cyber defenses that are aligned to best-in-class practices, to investing heavily in protecting confidential information, and to continually reviewing and enhancing our cyber security."

News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/05/deloitte_hacker_test/

#database #deloitte #hacker #test