SolarWinds Officials Throw Intern Under the Bus for ‘solarwinds123’ Password Fail
The SolarWinds drama just won’t stop. It’s a tale of Russian hackers’—and potentially Chinese hackers’—alleged email spying, and a gaping hole of security vulnerabilities that seems to get worse as more details come to light. Now, we can add yet another twist to the story: the laughably insecure password “solarwinds123.” In this last case, SolarWinds would like you to know that it was the intern’s fault.
In a joint hearing on Friday, former SolarWinds CEO Kevin Thompson told representatives from the House Oversight and Homeland Security Committees that the “solarwinds123” password, which protected a server at the company, was “related to a mistake an intern made, and they violated our password policies.” Thompson explained to lawmakers that the intern had posted the password on their own private GitHub account.
“As soon as it was identified and brought to the attention of my security team, they took that down,” Thompson said.