Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 server

Graham CLULEY

June 28, 2019

Some of the world’s biggest companies have had 750GB worth of their innermost secrets revealed on unsecured Amazon S3 buckets, available for anybody to download – no password required.

The startling revelation came from researchers at UpGuard, who discovered three publicly accessible Amazon S3 buckets related to Attunity, a leading provider of data integration and big data management software solutions, on May 13th 2019.

The fact that Attunity is at the centre of the security breach is a concern, simply because of its impressive list of customers. On its website, the company boasts that it counts more than 2,000 enterprises and half the Fortune 100 in its customer base.

According to screenshots published on UpGuard’s blog, Fortune 100 companies such as Netflix, Ford, and TD Bank were amongst those who had their data recklessly exposed.

For instance, the researchers discovered files containing the usernames and passwords of Netflix database systems, and internal Ford presentations.

To add to the concern, the vast haul of exposed data included credentials such as private keys.

In the hands of a determined criminal, such information could put an organisation – and its customers and partners – in serious danger, as it’s quite feasible the integrity and confidentiality of data could be put at yet further risk.

What’s the point of spending a large proportion of your IT security budget on preventing hackers from gaining access to your network if an IT firm carelessly leaves your secrets lying around on the internet for anybody to see?

Meanwhile, Attunity’s employees were also put at risk as the company’s own payroll and personal identification details were available to freely download.

Fortunately, the researchers responsibly reached out to Attunity and – after a short delay while the right contact was found (the business was just acquired by Swedish firm Qlik, a data analytics company, for close to US $600 million) – the leaky AWS S3 buckets are no longer publicly accessible.

Despite that, Attunity – or rather its new owners Qlik – will no doubt be having some difficult conversations about how this breach could have happened, and what steps it is putting in place to ensure that it never happens again.

What cannot be confirmed right now is whether UpGuard’s researchers were the first to notice that Attunity had left the data of major Fortune 100 companies accessible for anyone to download, or whether they were beaten to the post by criminals.

For the sake of all of the companies and individuals concerned, let’s hope Attunity dodged a bullet this time – although that will have been more down to good luck than having had the foresight to take sensible security measures in the first place.
