The SolarWinds attack is one of the most devastating cyberattacks in recent memory, and it was all caused by a weak password: solarwinds123. This password was left on a GitHub account that was visible to the public. The SolarWinds attack tore through over 18,000 systems when an update for the software pushed malware to its users. The precise cause of the infiltration that allowed the malware to be pushed out is still under investigation.
SolarWinds reported that they changed the password days after it was reported to them by an independent security researcher, but it’s currently unknown who knew of the password before it was corrected. Former CEO of SolarWinds, Kevin Thompson, said that the posting of the default password to GitHub was a mistake made by an intern and that it was caught by their internal security team and corrected.
Needless to say, lawmakers weren’t impressed during the testimony provided by the tech industry, including former SolarWinds personnel.