Security News > 2020 > December > SolarWinds Says 18,000 Customers May Have Used Compromised Orion Product
SolarWinds' investigation into the recent attacks that leveraged its products to target government and private sector organizations revealed that 18,000 customers may have used the compromised products, the company said in a filing with the Securities and Exchange Commission on Monday.
The vendor says the attacker could have exploited the introduced vulnerability to compromise the server running the Orion product.
SolarWinds says it has notified roughly 33,000 Orion customers of the incident, but the firm believes that in reality "Fewer than 18,000" customers may have used the compromised version of its products.
The source code repository of the Orion products was apparently not compromised.
In its SEC filing, SolarWinds noted that it "Is still investigating whether, and to what extent, a vulnerability in the Orion products was successfully exploited in any of the" attacks reported by the media.