Deloitte hit by cyber-attack revealing clients’ secret emails
Exclusive: hackers may have accessed usernames, passwords and personal details of top accountancy firm’s blue-chip clients.
The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.
The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.
The account required only a single password and did not have “two-step“ verification, sources said.