Hackers reportedly used a compromised password in Colonial Pipeline cyberattack

An analysis of the cyberattack on Colonial Pipeline found that the hackers were able to access the company’s network using a compromised VPN password, Bloomberg reported. The hack led to a ransomware payout of $4.4 million, and resulted in gas prices around $3 per gallon for the first time in several years at US gas stations.

According to cybersecurity firm Mandiant, the VPN account didn’t use multi-factor authentication, which allowed the hackers to access Colonial’s network with a compromised username and password. It’s not clear whether the hackers discovered the username or were able to figure it out independently. The password was discovered among a batch of passwords leaked on the dark web, Bloomberg reported.

The breach occurred...

Continue reading…