A researcher from India had advised SolarWinds in November 2019 that he had found a public GitHub repository which was leaking the company's FTP credentials.
Vinoth Kumar, who describes himself as a part-time bounty hunter, said in a tweet: "Was reading about a sophisticated attack on FireEye leveraging SolarWinds. Hmmm, how that would [have] happened? Then realised their password was *****123 Rolling on the floor laughing #FireEye #SolarWinds."
He posted a screenshot of the email sent to SolarWinds on 19 November 2019.
Another poster on the same thread, Vicky Ray, a security researcher from Palo Alto Networks, pointed out that the malicious binaries which were implicated in the attacks using SolarWinds' Orion network management software, were signed.
However he conceded: "But yeah, what you shared is also pretty bad from SolarWinds."