Exploit: Credential Compromise
Oldsmar Water Treatment: Municipal Water System Plant
Risk to Small Business: 2.022 = Severe
In an attack that made national headlines, bad actors are suspected of using stolen credentials to access operational systems at a Florida wastewater treatment plant. The attackers likely used remote access software to enter the operations system with the intent of changing the level of sodium hydroxide, more commonly known as lye, in the water from 100 parts per million to 11,100 parts per million. Other systems detected the chemical change and stopped it before anyone was hurt. Officials suspect that the compromised credentials may have been part of a huge 2017 data dump.
Individual Risk: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Recycled, reused, and weak passwords can cause trouble for years, and that’s especially dangerous when they give access to critical infrastructure like this.