Orvis, a retailer specializing in high-end fly fishing, hunting and sporting goods, leaked hundreds of internal passwords on Pastebin for several weeks in October. Credentials the company used to manage including everything from firewalls to administrator accounts were exposed, although Orvis claims that many of the credentials were already expired.
This enormous passwords file was posted to Pastebin—a website where you can store text online for a set period of time—on two separate occasions, the first being on Oct. 4, and the second Oct. 22, a finding that was corroborated by 4iQ. It is believed that this exposure may have originated from a third party, highlighting a trend of exposures created not by the victims, but by “trusted partners.”
Long gone are the days when one could post something for a few hours to a public document hosting service and expect nobody to notice. Today there are a number of third-party services that regularly index and preserve such postings, regardless of how ephemeral those posts may be.