Skip to main content

Outdated versions of WordPress and Drupal led to the Panama Papers leak

Panama Papers firm used old software
If you haven’t already learned the importance of updating your computer software, take a lesson from Mossack Fonseca. The Panamanian law firm that recently had 11.5 million documents leaked was using old client portal, email access, and website software, according to a reports with slightly different findings from Forbes and WP Tavern. No one knows for sure how the leak happened (except the person or persons behind it), but the obsolete software may have contributed to the world’s largest data breach ever, now referred to as the Panama Papers.

Politicians, financiers, and athletes around the world are disputing wrongdoing, resigning their posts, or working furiously to cover their tracks in the international blowback from the massive leak. Mossack Fonseca has denied any wrongdoing, but you can bet it is having hard talks with its IT personnel in the coming days.

Forbes reported Mossack Fonseca was running a three-month old version of WordPress web site software. However, when WP Tavern looked at the source code it found evidence the firm was using an even older version of WordPress (4.1), released in December 2014. Fifteen month old site software is ancient for web building, not just for updated design features, but especially because of the numerous critical security updates that are issued.

The Panamanian firm was also running three-year old version 7.23 of the open source client portal program, Drupal. Version 7.23 is notorious for its vulnerability according to WP Tavern, and since that release Drupal has issued 25 security updates. To top it all off, the firm’s unencrypted email was handled by a 2009 version of Microsoft Outlook Web Access.

While politicians scurry and in at least one instance a country is censoring any mention of the papers, the lesson for all of us is clear. Keep your software updated or someday every email you’ve ever sent, received or drafted, every document, image, or rough notes may be out there for the whole world to scrutinize.

Editors' Recommendations