One of the largest data breaches to reach journalists in years may have come about because the hacked site was running a WordPress Revolution Plugin. Mossack Fonseca (MF), a Panama law firm, is at the hub of the breach and could have been made vulnerable by this plugin running on its site. This is no small data breach: it has brought down several huge names, such as the Prime Minister of Iceland and the President of Russia. Others named in this huge breach of security include the Prime Minister of Britain and other huge names in politics.
How did this happen?
The consensus is that the law firm was giving its clients access to data through a compromised site that was running this particular plugin. Versions of the plugin up to 3.0.95 are vulnerable to attack, and the company was running version 2.1.7 on its WordPress site. This left the firm wide open for hackers to come in and expose the information it held for all to see.
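An added example, not part of the original article: a Python check that reads the Version header of each installed WordPress plugin and flags anything at or below 3.0.95, the threshold given above. Treating 3.0.95 as inclusive, the one-folder-per-plugin layout and the sample plugin names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumption taken from the article: releases up to and including 3.0.95 are vulnerable.
LAST_VULNERABLE = "3.0.95"

# Matches the "Plugin Name:" and "Version:" lines of a WordPress plugin header comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def version_key(text):
    """Turn '3.0.95' into (3, 0, 95) so that 3.0.100 sorts after 3.0.95."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def read_plugin_header(php_file):
    """Return the header fields found in the first 8192 characters of the file."""
    head = php_file.read_text(errors="replace")[:8192]
    return {key.lower(): value for key, value in HEADER.findall(head)}

def audit_plugins(plugins_dir, last_vulnerable=LAST_VULNERABLE):
    """Return (name, version, vulnerable) for every plugin file carrying a header."""
    limit = version_key(last_vulnerable)
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php_file)
        if "plugin name" in header and "version" in header:
            ver = header["version"]
            findings.append((header["plugin name"], ver, version_key(ver) <= limit))
    return findings

def build_sample(root):
    """Constructed sample tree; the folder and plugin names are made up."""
    for folder, version in (("slider-old", "2.1.7"), ("slider-new", "3.0.100")):
        plugin_dir = Path(root) / folder
        plugin_dir.mkdir()
        (plugin_dir / "main.php").write_text(
            f"<?php\n/*\n * Plugin Name: {folder}\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver, bad in audit_plugins(build_sample(tmp)):
            print(f"{name:12} {ver:10} {'VULNERABLE' if bad else 'ok'}")
```

Comparing the versions as plain strings would wrongly rank 3.0.100 below 3.0.95, which is why the check converts them to integer tuples first.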
Now it seems that the law firm has finally put their site behind a firewall so they are not as vulnerable to attack as they were before. That will help to protect their information from hackers or those who would exploit the information for their own gain.
Company IT Now
It seems they are still running the plugin that is most commonly hacked, and still in one of its most vulnerable versions. Things that went wrong included their web server being unprotected, clients having a log-in for sensitive data that could be hacked, and their email and web servers being the same. All of these led up to the breach of information.
It is believed that the hackers created a robot that went digging through the site, exploited the breaches that had been opened, and took the information.
There are things that still need to be done to avoid this in the future, and MF has learned the hard way that they need to be done sooner rather than later. This breach has been one of the largest in the history of information breaches to journalists, and names are still being named from the leaked information.