• Land_Strider@lemmy.world
      arrow-up
      59
      arrow-down
      1
      ·
      6 months ago

      Which was also used repeatedly over the course of 3-4 months to gain access via a non-corporate laptop without the IT doing anything about it.

      • Zer0_F0x@lemmy.world
        arrow-up
        7
        ·
        6 months ago

        I’ve been in IT for a few years and I’ve changed companies a few times. I just checked my login creds for various systems of 3 previous employers and like half of them still work. Unfortunately it’s a lot more common than any IT department would like to admit.

  • aeronmelon@lemmy.world
    arrow-up
    63
    arrow-down
    1
    ·
    edit-2
    6 months ago

    That might be slightly illegal.

    That person might be slightly doomed.

    Companies need to remember to change the login password BEFORE firing people with login passwords.

    • Pacmanlives@lemmy.world
      arrow-up
      6
      ·
      6 months ago

      I mean kind of depends. I got a soft layoff so worked 6 months more and got 3 months pay for the transfer to India.

      I think best practice for highly secure environments is that at the time of notice you lock the account and give that person 2 weeks off.

      At most normal companies it’s cool, work till your last day, do your exit interview and we lock your account on Friday afternoon or Monday.

      Also, you never want to change someone’s password on termination. What if their login is running some business-critical tasks? Not best practice, but I can tell you it happens a lot, especially for reporting. If you lock the account you can always just re-enable it and work to fix the issue.

    • Potatos_are_not_friends@lemmy.world
      arrow-up
      4
      ·
      6 months ago

      Last year, I tried my admin creds at my old job and they still worked. I was afraid of retaliation so I sent them a message from a throwaway email about changing their passwords.

      • KISSmyOSFeddit@lemmy.world
        arrow-up
        2
        ·
        6 months ago

        Legally, it would have been better to send the mail from your personal account.
        Otherwise there’s a possibility that something happens to get fucked up right around the time you logged in, they pull the logs and find your access.
        Bam, motive and opportunity, and no way to provide an alibi.

  • thorbot@lemmy.world
    arrow-up
    44
    arrow-down
    5
    ·
    6 months ago

    Company deserved it if they didn’t have backups and didn’t change the admin passwords.

    • EatATaco@lemm.ee
      arrow-up
      10
      arrow-down
      42
      ·
      6 months ago

      Classic victim blaming. They were asking for it. They didn’t deserve a malicious actor.

  • Landless2029@lemmy.world
    arrow-up
    14
    ·
    6 months ago

    Question. Where does this “value” come from? Loss of business? Downtime? Labor loss due to people unable to work? Pull a number out of a hat?

    These servers had no production data on them. Ideally with a proper DR solution you just restore and press charges.

    • CaptPretentious@lemmy.world
      arrow-up
      3
      ·
      6 months ago

      I would guess man hours.

      Because it’s going to take time to put those servers back in production. Depending on what they did, it might have caused an outage to external-facing customers, which will have a higher impact than internal-facing. But with that amount of money, it actually seems fairly low to me, so I’m guessing they weren’t public-facing servers.

      So it was probably the time that it takes to recreate all those servers, get everything back up and running, and delayed work caused by the outage.

      That’s just my guess though.