The Aug. 4 communication informed partners of a significant attack that resulted in unauthorized administrator accounts being created inside end-client servers.

Aldrin Brown, Editor-in-Chief

October 5, 2016

Email From Continuum CEO Michael George Advising Partners About Cyberattack

Dear (Partner),

Over the past several days we have been working with a set of our partners regarding a security vulnerability at end client sites where partners utilized Continuum’s legacy IP Scanner tool. This tool created an admin account called SAAZDEPUSR, and the user credentials for that account were compromised and leaked online.

As part of our investigation, we have also noticed suspicious activity on sites not associated with the legacy IP Scanner tool. We have observed unauthorized admin accounts that have been created at sites.  We don’t know if this is related to the original issue, but as a result we are paying closer attention to all sites and noting any suspicious activity and investigating as needed.

As a result, we are strongly recommending that all partners check for suspicious activity and any fraudulent administrative accounts, system accounts, or any accounts with elevated privileges at all client sites. In addition, consider closing all ports that are not needed for you to conduct business.  

We have a list of known suspicious accounts posted and we are running a script to disable known suspicious accounts. We have also created a script to display all users across all of your sites so you can review and validate each more easily. Here is a link to the report instructions.

In some cases, we have observed open RDP access and other security settings that should be tightened immediately. Based upon our initial findings, we’ve posted actionable recommendations that you should take immediately. 

True remediation and protection require us to work hand-in-hand together as partners. We will continue to take action moving forward and we strongly urge you to:

  • Take independent and aggressive action to contain this security incident in the way you would contain any security incident. 

  • Pay close attention to the regular updates and recommendations that we are posting and follow those recommendations wherever applicable.

  • Review the laws and regulations that are applicable to you and your clients’ businesses and determine whether to communicate to your clients.

These kinds of attacks are increasingly part of the digital world we live in. As your partner, we will continue to work aggressively with our expert forensic firm and the FBI to investigate the situation. The Information Security page will be updated regularly and please reach out to your account team with questions.


Michael George


Continuum Managed Services



About the Author(s)

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.

