

That could have been a Jabber client, or Android and iPhone apps such as Signal, Telegram or Wickr. After the leaker pilfered the information and shifted it to their own servers, they made initial contact with Bastian Obermayer, journalist at Süddeutsche Zeitung (SZ), through encrypted chat. Whatever weakness was exploited by the leaker, for at least a year, the company didn't notice the breach, or did not issue a public alert. On its site, the company claims: "Your information has never been safer than with Mossack Fonseca's secure Client Portal." That boast now looks somewhat misguided. It remains a valid route for hackers to try to get more data from the firm and its customers. That critical vulnerability may have been open for more than two-and-a-half years on Mossack Fonseca's site, if it hadn't been patched at the time without updating website logs. Back in 2014, Drupal warned of a swathe of attacks on websites based on its code, telling users that anyone running anything below version 7.32 within seven hours of its release should have assumed they’d been hacked.

Its emails were not encrypted, according to ACLU privacy and encryption expert Christopher Soghoian, whilst its websites were peppered with potential weaknesses, ripe for any willing hacker. FORBES discovered the firm ran a three-month-old version of WordPress for its main site, known to contain some vulnerabilities, but more worrisome was that, according to Internet records, its portal used by customers to access sensitive data was most likely run on a three-year-old version of Drupal, 7.23. That platform has at least 25 known vulnerabilities at the time of writing, two of which could have been used by a hacker to upload their own code to the server and start hoovering up data.
(Its full response to those allegations, which it largely denies, can be found here). Now it's in the media spotlight, Mossack Fonseca is being mocked for alleged poor security practices, as well as facing accusations it facilitated widespread tax avoidance, even where criminal proceeds were involved. Mossack Fonseca did not respond to repeated requests for comment on the breach, though director Ramon Fonseca told Reuters the hack was "limited" and complained of an "international campaign against privacy," despite the significant amount of data that was siphoned out of the organization. In a letter, dated April 1 and posted on Wikileaks' Twitter profile, the firm told customers it was investigating an email server hack. A leaked message to customers would indicate it all started with a typical hack, a preventable one at that.
