One of the world’s biggest auditing and consulting firms, Deloitte, revealed a significant data breach in September 2024 after it had accidentally exposed an Apache Solr server to the internet. The server was left unguarded, protected only by default login credentials and reachable by anyone. Apache Solr, widely used as a high-performance search platform for indexing and searching large volumes of data, became an open door to Deloitte’s sensitive information because its security configuration was so weak.
This breach exposed internal settings and other details, such as email addresses and sensitive communications between intranet users. Because Deloitte audits many of the largest financial institutions and corporations worldwide, the leaked data could have drastic consequences for its clients as well as for its own in-house operations.
When the incident was detected, the server had already been indexed by search engines, which made the exposure all the more dangerous: once indexed, an open server is easy for attackers to track down. Attackers reportedly did not wait for Deloitte to secure the server but accessed it and downloaded the sensitive information immediately. What is worrying about this breach is that the compromised data, particularly the internal communications, gives attackers insight into Deloitte’s inner workings, possibly including confidential information about its clients and operations.
It did not take long for evidence of the breach to reach the dark web, where the leaked information circulated within the cybercrime community. Samples of the scraped data were displayed on dark web forums, including excerpts of email communication, internal system settings and network configurations. This proof of access quickly reached cybersecurity researchers, who confirmed that Deloitte’s data had indeed been compromised and was being actively traded or sold online.
This breach will have further implications. The leaked email addresses will undoubtedly lead to phishing attacks against Deloitte’s employees and clients and, with internal settings and communications exposed, probably to far more sophisticated attacks as well, from social engineering to further network intrusions. Financial institutions and other clients relying on Deloitte’s services may also be indirectly affected through the potential exposure of their sensitive data via Deloitte’s compromised systems.
This incident therefore points to an imperative need for much stronger security measures, especially when firms handle information of the utmost importance. It serves as a grave reminder of the risks associated with misconfigured servers and the unwise use of default credentials. Beyond the immediate financial and reputational damage, Deloitte will probably face further consequences as investigations into the scope of the attack continue to uncover details.
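Closing exactly the gap described above (a Solr instance reachable with default credentials), as an added example that is not part of the original article or of the Solr project: the script below builds a Solr `security.json` that rejects every unauthenticated request (`blockUnknown`) and stores a freshly salted hash for a non-default password, using the hash scheme Solr's BasicAuthPlugin documents (base64 of a double SHA-256 over salt and password); it also flags an existing entry that still accepts the reference guide's example password. The account name and password are placeholders.

```python
import base64
import hashlib
import json
import secrets

# Password from the Solr reference guide's security.json example; a deployment that
# still accepts it is effectively running with default credentials.
DOC_EXAMPLE_PASSWORD = "SolrRocks"

def solr_hash(password: str, salt_b64: str) -> str:
    """Solr BasicAuthPlugin hash: base64(sha256(sha256(salt || password)))."""
    salt = base64.b64decode(salt_b64)
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(hashlib.sha256(inner).digest()).decode("ascii")

def make_credential(password: str) -> str:
    """Build the 'HASH SALT' string stored under "credentials", with a fresh 32-byte salt."""
    salt_b64 = base64.b64encode(secrets.token_bytes(32)).decode("ascii")
    return f"{solr_hash(password, salt_b64)} {salt_b64}"

def verify_credential(password: str, stored: str) -> bool:
    """Check a password against a stored 'HASH SALT' entry with a constant-time compare."""
    stored_hash, salt_b64 = stored.split(" ", 1)
    return secrets.compare_digest(solr_hash(password, salt_b64), stored_hash)

def uses_doc_example_password(stored: str) -> bool:
    """True if an existing credential entry still accepts the reference guide's example password."""
    return verify_credential(DOC_EXAMPLE_PASSWORD, stored)

def build_security_json(admin_user: str, password: str) -> dict:
    """security.json that blocks anonymous access and confines admin rights to one role."""
    if password == DOC_EXAMPLE_PASSWORD or len(password) < 16:
        raise ValueError("refusing to deploy the documentation example or a short password")
    return {
        "authentication": {
            "blockUnknown": True,  # no anonymous reads of configs, logs or indexes
            "class": "solr.BasicAuthPlugin",
            "credentials": {admin_user: make_credential(password)},
        },
        "authorization": {
            "class": "solr.RuleBasedAuthorizationPlugin",
            "permissions": [{"name": "security-edit", "role": "admin"}, {"name": "all", "role": "admin"}],
            "user-role": {admin_user: "admin"},
        },
    }

if __name__ == "__main__":
    # Placeholder account and secret; generate a long random password before deploying.
    print(json.dumps(build_security_json("solradmin", "replace-with-a-long-random-secret"), indent=2))
```

The generated file is uploaded to ZooKeeper (SolrCloud) or placed in the Solr home directory (standalone), and the network exposure itself still has to be removed separately, since authentication does not undo search-engine indexing of an already public endpoint.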