Orvis Passwords Leaked Twice on Pastebin

Orvis Passwords Leaked Twice on Pastebin

Internal passwords belonging to American retailer Orvis were twice leaked online in a double data breach. 





Credentials belonging to the luxury fishing equipment purveyor were posted on the website Pastebin.com last month, according to investigative reporter Brian Krebs





A swathe of plaintext usernames and passwords relating to everything from firewalls and routers to database servers and even administrator accounts was exposed for several weeks. 





The leaked files from the Vermont-based retailer included credentials for security cameras, door controllers, door and alarm codes, and FTP credentials, and even showed the combination to a locked safe in the company's server room. 





Krebs was tipped off about the data breach in late October by Wisconsin-based security firm Hold Security. Company founder Alex Holden said an enormous file containing internal passwords relating to Orvis had been posted to Pastebin on October 4 and again on October 22.





Holden's finding was corroborated by 4iq.com, a company that aggregates information from leaked databases online. However, a spokesperson for Orvis would only acknowledge that one much shorter breach had occurred.





Orvis spokesperson Tucker Kimball told Krebs: "The file contains old credentials, so many of the devices associated with the credentials are decommissioned and we took steps to address the remaining ones. 





"We are leveraging our existing security tools to conduct an investigation to determine how this occurred."





Orvis is America's oldest mail-order retailer and was founded in 1856. The company has 69 retail stores and 10 outlets in the U ..

Support the originator by clicking the read the rest link below.