The Weakest Link

According to an article at Cult of Mac, one of Apple’s suppliers, Quanta, posted PowerPoint documents with instructions on how to log in to a database containing confidential Apple documents on new, yet-to-be-announced products.

Apparently, the document contains default credentials, which it says the business partner should change after logging in for the first time. All Quanta suppliers were given the same initial default password.

Unfortunately for Apple, details on several products were compromised.

In addition, a quick Google search using the search terms “Quanta Confidential” and “.ppt” pulled up a number of other Quanta confidential documents, according to Cult of Mac.

The moral of this story is that attackers will look for the weakest link in the chain, and if that link is a supplier, that is fine with them. The Target and Home Depot attacks started this way.

Part of your enterprise risk management (ERM) plan should be to manage the risk that sits with third parties that have access to your confidential information. After all, from your point of view, if a hacker gets your confidential information, the pain is no less if the information was stolen from one of your vendors than if it was stolen from you. Another part of your ERM plan should be to make sure that, if your business partners are the source of a leak, they have the insurance needed to make you whole and an incident response plan to deal with the situation.

Regarding Quanta and Apple, Cult of Mac reached out to both of them and received no response. However, the default passwords no longer work.

As a suggestion, you might want to Google your own company name followed by one of a set of words appropriate to your organization, such as [company] confidential or [company] proprietary, to see what comes up.