201706 Mar

Solarwinds sends customers each others' complete client lists


An email sent by Solarwinds to customers admitted to the issue: We recently observed some isolated, unusual activity related to your account linked to the latest software update of the RMM dashboard. These devices were identified by client and site names, providing roughly 100 companies within the same sector with fairly rich data on their competitors work. The general response to this breach has been one of fury, though several individuals additionally confirmed to The Register that they had been enjoying taking a thorough look at their competitors and inferring a lot about them and their practices. Most affected companies that had been in touch with The Register complained that Solarwinds had yet to respond to their complaints, while account managers at the Texas business have yet to offer anything other than a copy-and-paste response to their concerns. A bug in the RMM EMEA dashboard in this software update created dashboard-generated emails that included limited customer information to a small set of MSPs/VARs not affiliated with those accounts.

Source: Theregister