Blog Entry

Panama Paper Leak: Devastating Extent of Website Breach Due to a Poorly Maintained Website

Image
panama hack

Yet another good reason to apply regular patches to your website

A sensational data leak from the Panamanian law firm Mossack Fonseca has sent ripples across the world, that started by taking down Iceland PM Sigmundur Gunnlaugsson in the wake of an enormous 2.6-terabyte of data getting exposed due to poor website maintenance.

Drupal community is one of the best vibrant open source technology communities who constantly watch out for vulnerabilities and release patch updates for core and security in a timely manner. For once, the mammoth had to fall, Drupal faced one of its biggest security vulnerability dubbed as “Drupalgeddon” which affected every single site running on Drupal 7.31 or lower versions to be easily exploited via SQL injection.

Now looking at the curious case of Mossack Fonseca, the public website is run on WordPress which was outdated and our main victim here is the client portal website of Mossack Fonseca, https://portal.mossfon.com/, running on outdated Drupal, that still ironically boasts as “The Mossfon Client Information Portal is a secure online account that enables to access your corporate information anywhere and everywhere, with real time updates of your ongoing request.

This portal is still running on the notorious Drupal version responsible for “Drupalgeddon”. According to the Changelog file on the website, looks like the company did its update 3 years ago.

Image
changelog file

For a company that specializes in securing the secret transactions of its client, this is a big blow, it has failed on securing its IT assets and thereby leaving a big hole thus enabling hackers to easily gain entry into the most sensitive, secret account information of the most important personalities of the world.

The Lesson: Mossfon specialises in legal and trust services but failed to focus on securing IT landscape. Attacks targeting websites running on outdated versions of a CMS or using vulnerable plug-ins are getting more and more common.

If you’re interested in keeping your website safe and secure, talk to a Security specialist at Drupal Geeks today.  For you never know when a hack will cripple your online business!

Talk to one of our Drupal solution consultant today and sign up for an Annual Drupal maintenance contract to get a 15% discount.