Splunk, a utility that allows IT administrators to search and analyse their organisation’s log files, has issued a warning to some of its users that their passwords were exposed by accident.
I wasn’t able to find mention of the incident on Splunk’s website, but a few affected users have Twittered about it, and a Clu-blog reader forwarded me an email from Splunk that tells more of the story:
Recently, some debug code was unintentionally implemented on the production splunk.com website which exposed a small number of passwords in our web server’s error log. The splunk.com team has corrected the issue and has improved their change process to prevent similar issues from occurring in the future.
In an abundance of caution, we have reset all affected users’ passwords and cleared all affected users’ active sessions on splunk.com. Your new temporary password has been emailed to the email address associated with your splunk.com account. We recommend that you…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.