Probably doesn't affect any here, but I'm still amazed that the hackers gained access through a system admin account.
https://www.theguardian.com/busines...-clients-secret-emails?CMP=Share_iOSApp_Other
https://www.theguardian.com/busines...-clients-secret-emails?CMP=Share_iOSApp_Other
So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing.
The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.
The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.
In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details.
The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of Deloitte’s most senior partners and lawyers were informed.