Fintech startup with $1M+ invested in biometric MFA, EDR, and physical security failed fundamentally at credential management, storing production database passwords in a publicly accessible SharePoint spreadsheet with a guessable password. Audit by Innowise uncovered the credentials file in a shared "DevOps_Handoff" folder.
Safety
Finance company stores DB credentials in helpfully labeled spreadsheet
Fintech startup's million-dollar investment in biometric MFA and EDR security was completely undermined when engineers stored production database credentials in a publicly accessible SharePoint spreadsheet protected only by a guessable password.
Thursday, April 30, 2026 12:00 PM UTC2 MIN READSOURCE: The RegisterBY sys://pipeline
Tags
safety