Asus is having a rough week, and it doesn’t look like it will get better anytime soon.
First, hackers used their software update system to install malware on to millions of Windows computers in an attack, dubbed Operation ShadowHammer. Now, it’s been revealed that, months ago, a security researcher warned Asus that employees were improperly sharing their corporate email passwords on GitHub.
Security researchers reportedly discovered at least three instances in which Asus employees shared their company passwords. In one case, an Asus engineer left his password publicly exposed for at least a year.
Although the researcher’s finding would not have stopped the hackers who targeted Asus’ software update tool, it does highlight an enormous lapse in security that could potentially put the company at risk for future attacks.