For days or even weeks, the deepest, darkest secrets kept within the private IT infrastructure of Universal Music Group had laid exposed. But who knew, what information they gathered and how they will use it against artists and the world’s biggest music company, remains a major unknown.
Earlier this month, a German security researcher for the cyber-security firm Kromtech discovered and then helped plug a gaping whole in the tech infrastructure of Universal Music Group.
In a report, made public this week, security expert Bob Diachenko says that an open server was exposing FTP credentials, AWS configuration details (secret access keys and passwords), SQL passwords, and internal source code for Universal Music’s IT network.
“This leak of highly sensitive information took place because a third-party contractor that was managing a part of Universal’s IT systems had deployed an instance of an Apache Airflow server without securing it with a password,” according to Bleeping Computer, who broke the story.