Security News > 2021 > January > Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders

Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders
2021-01-05 23:03

SolarWinds - the network monitoring biz thoroughly hacked as part of a wider espionage operation - has been sued by its shareholders who claim bosses failed to tell them about its numerous security woes.

Last month, it emerged the update server used by SolarWinds to distribute its Orion software had been subverted by miscreants to secretly inject a backdoor into the code so that hackers could infiltrate the computers of customers who installed the product.

The lawsuit alleges that the software biz had failed to warn shareholders in a timely manner that a backdoor had been planted in its Orion monitoring products from the middle of 2020, which opened up systems used by the US federal government and corporations.

The lawsuit also points out that SolarWinds' update server was at one time only protected by the insanely bad password solarwinds123, which was not a great indication of security being taken seriously.

In its quarterly filings with the SEC, SolarWinds included the standard boilerplate warning to investors about its cybersecurity efforts: that there was an increase in the "Number, intensity and sophistication of attempted hacks and intrusions from around the world," and that as a result it "May be unable to anticipate these techniques or to implement adequate preventative measures." As a result, SolarWinds' software could be breached and lead to a "Severe reputational damage adversely affecting customer or investor confidence."

The lawsuit references reports three days after the hack became public in which security researcher Vinoth Kumar said he had "Alerted the company that anyone could access SolarWinds' update server by using the password 'solarwinds123.'" The lawsuit also notes that days after the hack was revealed, the compromised Orion software updates were still on SolarWinds' website, though we note they were no longer directly linked from any webpages.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/05/solarwinds_sued/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 104 80 50 267