The Panama Papers Hack: WordPress, Drupal may be at the core of the data leak

Made sense to you? Share it now!

The whole Panama Papers data leak may be hard to grasp by many people because of the sheer size and the tremendous amount of information dumped on the public at once.

We’re not going to attempt to discuss its consequences, but we’re going to focus on a series of clues left online that may lead some “smart” people to deduce how the hack took place in the first place.

While German newspaper Süddeutsche Zeitung didn’t reveal any information that would explain how the attacker obtained the data, security researchers easily discovered a few weak points in Mossack Fonseca’s Web infrastructure.

Mossack Fonseca used outdated WordPress, Drupal versions

The law firm was apparently using two different websites. A WordPress-powered presentational site and a Drupal-powered private client portal.

Researchers discovered that vulnerabilities in the Revolution Slider plugin used on the WordPress site allowed attackers to gain access to the firm’s email server from where they stole sensitive emails.

The biggest issues were found in the client portal, though, which was running on a three-year-old Drupal version (7.23), for which 25 different vulnerabilities currently exist.

Customers used this portal to upload and download personal documents, which means that, if compromised, attackers would have had access to Mossack Fonseca’s file server, from where the massive 2.5 TB of information could have originated.

Hackers stole EVERYTHING

All in all, 11.5 million files and documents for Mossack Fonseca’s entire company history were stolen, going back 40 years, to the moment when the company was founded.

Not shareable enough? READ  How to Recycle Your Content

Of course, all is just speculation at this point, and outside the “insider threat/whistleblower” scenario, this looks like the second best guess for what really happened.

Below is an infographic from Web security firm Barricade, which aggregates information from various sources and presents the Panama Papers leak in a much-simplified manner.

The Mossack Fonseca hack visually explained
View Source

Originally posted 2016-04-19 06:42:00.

Made sense to you? Share it now!

About The Author

Related posts


Not something you could not wait to read?

Drop that.

Try a random editor's pick from's 16k+ colorful collection, or scroll thru our infographic tweets, pins or instagram posts! We always have

something to open your eyes, if not make your day.


Dig "iN"