SolarWinds is back in trouble after a shareholder lawsuit accused the company of poor security practices, which they say allowed hackers to break into at least nine US government agencies and hundreds of companies.
The lawsuit said SolarWinds used an easily guessed password "solarwinds123" on an update server, which was subsequently breached by hackers "probably of Russian origin." Former SolarWinds CEO Sudhakar Ramakrishna, speaking at a congressional hearing in March, blamed an intern for the bad password.
There are countless cases of companies suffering the consequences of violations caused by suppliers and contractors throughout the supply chain.
Experts are still trying to understand how hackers broke into SolarWind's servers. But the weak password reveals broader issues about the company's security practices, including how the easily guessable password was allowed to be set to begin with.
Even if the intern is at fault, SolarWinds still faces what is known as vicarious liability, and that can lead to hefty penalties.