The Amazing Flight Of The Panama Papers
“The front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed.” (wired.co.uk)
Could the biggest disclosure of secret data be due to known vulnerabilities? Many questions remain about the origin of history’s biggest data leak. Some people believe it was a human leak, but it may well be otherwise. Many analysts have looked into possible causes of the Panama Papers breach, and it appears that the content management systems (CMS) in use were vulnerable!
This data breach led to a data dump of over 2.6 TB worth of information!
The analyst reports are overwhelming
Mossack Fonseca uses 2 CMSs, Drupal and WordPress. It appears that neither was kept up to date: the website using Drupal remained outdated for 1 year while the one using WordPress remained outdated for 3 months. In addition, many plugins were not updated.
Given that more than 25 vulnerabilities were known during this time, the websites were easily attacked by hackers. (Forbes)
It is also worth adding that the version of Outlook used by Mossack Fonseca had not been updated since 2009. The company believed it was safe because it was using encryption for its emails. But a single vulnerability is all it takes to get hacked.
How to protect yourself from this type of data breach?
Although no one has claimed responsibility for the disclosure of the documents, analysts have highlighted Mossack Fonseca's many security shortcomings.
In fact, each configuration error, each installed plugin and each human intervention can introduce new security vulnerabilities. Yet many security software solutions are available for real-time vulnerability monitoring. Among them, the focus must be on solutions that continuously and automatically detect vulnerabilities, so that you know your security risk and can fix them quickly.
To sum up, a security solution must take into account known vulnerabilities and lax configurations that could compromise the integrity of the company’s data.