. home.aspx



Orvis Passwords Leaked Twice on Pastebin

November 12, 2019 / Sarah Coble

Internal passwords belonging to American retailer Orvis were twice leaked online in a double data breach. Credentials belonging to the luxury fishing equipment purveyor were posted on the website Pastebin.com last month, according to investigative reporter Brian Krebs. A swathe of plaintext usernames and passwords relating to everything from firewalls and routers to database servers and even administrator accounts was exposed for several weeks. The leaked files from the Vermont-based retailer included credentials for security cameras, door controllers, door and alarm codes, and FTP credentials, and even showed the combination to a locked safe in the company's server room. Krebs was tipped off about the data breach in late October by Wisconsin-based security firm Hold Security. Company founder Alex Holden said an enormous file containing internal passwords relating to Orvis had been posted to Pastebin on October 4 and again on October 22.