The Register: Careless engineer stored recovery codes in plaintext, got whole org pwned

Source URL: https://www.theregister.com/2025/09/15/ransomware_recovery_codes_plaintext/
Source: The Register

Feedly Summary: Cautionary tale from the recent SonicWall attacks
Failing to encrypt sensitive data leaves you wide open to attack. During the recent SonicWall attack spree, intruders bypassed multi-factor authentication (MFA) in at least one case, because a user’s recovery codes were left sitting in a plaintext file on their desktop.…

Summary: The text highlights the critical importance of encrypting sensitive data and the vulnerabilities that arise when such measures are not implemented. It references actual incidents from the SonicWall attacks, emphasizing the failure to secure user recovery codes and the potential consequences of this negligence for professionals in security and compliance.

Detailed Description: The commentary on the SonicWall attacks serves as a significant reminder of the vulnerabilities associated with inadequate security practices in information technology. The failure to encrypt sensitive data can lead to severe security breaches, as illustrated by the ability of attackers to exploit weak points in user authentication mechanisms, such as multi-factor authentication (MFA). Key insights and implications include:

- **Vulnerability to Attacks**: Highlighting that even with MFA, breaches can occur if sensitive information, like recovery codes, is not adequately protected.
- **Importance of Encryption**: Reinforcing the necessity of encrypting sensitive data to mitigate risks associated with unauthorized access.
- **Real-World Consequences**: The SonicWall incident acts as a cautionary tale for organizations about the potential repercussions of lax security measures.
- **User Education**: Emphasizing the need to educate users about proper data handling and the importance of avoiding keeping recovery codes in easily accessible formats, such as plaintext files.

Overall, this content underscores the crucial intersections between information security practices and the safeguarding of sensitive data, which are vital for professionals working in security, compliance, and governance roles across organizations.