Most hacks don't hit the headlines, but when it's the US Government's HealthCare.gov that's hacked, you can be sure it'll make the news. A hacker, still unknown to authorities, recently compromised the HealthCare.gov insurance enrolment website. According to the Department of Homeland Security, once the hacker had gained access, they proceeded to upload malicious software to target the site's visitors.
If it wasn't such a serious breach, the attack vector would be comical, with the 'hacker' gaining access simply by using the default password that hadn't been changed. The reason for the 'oversight' was that the server was in a 'test environment' used by the development team.
An investigation was said to have concluded that no personal data was illegally accessed during the attack, but it's yet another example of organizations being compromised for not taking the most basic of security measures: simply using strong passwords to protect business-critical systems.
No matter how stressful, time-pressured or complex development projects may become, it's crucial to give proper consideration to the security that underpins them. While it may seem like an acceptable shortcut, cutting corners on security can end up costing more time in the long run and do untold reputational damage should weaknesses be exploited. Neglecting security during development is a common fault that hackers are only too keen to exploit - the US Government being the latest red-faced victim. If you have a test environment within your business, ensure that your developers take the same precautions that you'd expect them to take with live websites - and protect access with strong passwords.