What caused the Panama Papers hack?

By on
What caused the Panama Papers hack?

A zero-day flaw in Drupal is now being said to be how hackers penetrated the network of law firm Mossack Fonseca and siphoned out more than 11.5 million files, according to The Hacker News.

The theft of around 2.6 terabytes of data in what is now being termed the Panama Papers – which revealed confidential details of individuals' tax-avoidance schemes and implicated 72 heads of state – was originally believed to be the result of an unpatched vulnerability in the widely used open source Drupal content management system.

Critical patches were scheduled to be released on Wednesday to address a number of security issues in Drupal contributed modules used on between 1,000 and 10,000 sites, including several highly critical remote code execution (RCE) flaws. 

In an advisory, the Drupal Security Team advised users to update modules ASAP as "exploits are expected to be developed within hours/days."

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


The channel is a juicy hacking target - are you improving security?
YES - recent attacks on MSPs spurred us to action
YES - we're ALWAYS improving our security stance
YES - we've noticed new forms of attack
NO - we're confident our past efforts are enough, but are always vigilant
NO - we don't see the need for change at this time
View poll archive

Log In

Username / Email:
  |  Forgot your password?