Published On: Tue, Oct 10th, 2017

Mega Leaks Continue as Accenture Exposes “Keys to a Kingdom” – Some of a World’s Largest Companies Could Be Affected

More and some-more of data! Yet another hulk classification has now reliable exposing supportive information to a public. Accenture, a record and cloud giant, has pronounced that it inadvertently left a vast trove of private information opposite 4 cloud servers, potentially exposing supportive passwords and private decryption keys. The servers were hosted on Amazon’s S3 storage when a confidence researcher detected 4 AWS S3 storage buckets configured for open access, leaking inner emails, passwords, patron data, and supportive documents.

Accenture is a tellurian government consulting association that claims to yield “strategy, consulting, digital, record and operations services” to a infancy of a Forture 100, that means this information that was in hundreds of gigabytes could put those vast companies during risk too. The unprotected servers were not usually permitted though didn’t need a cue while containing supportive data, including plaintext login details.

data-breachRelated Apache Struts Security Flaw That Equifax Failed to Patch Responsible for Hack

Chris Vickery, executive of cyber risk investigate during UpGuard, initial detected this information and secretly supportive Accenture of a bearing final month. The 4 unprotected servers were cumulative a subsequent day. Vickery has called a unprotected information “keys to a kingdom,” carrying potentially supportive information of some of a world’s biggest companies.

“It is probable a antagonistic actor could have used a unprotected keys to burlesque Accenture, home silently within a company’s IT sourroundings to accumulate some-more information. The ghost of cue reuse attacks also looms large, opposite mixed platforms, websites, and potentially hundreds of clients.”

Accenture cloud information trickle was in hundreds of gigabytes; association is during a “downplaying stage” and hasn’t alerted any of a clients

Upguard researchers contend that a information potentially puts anyone using Accenture’s Cloud Platform during risk. Among other data, researchers also found Accenture’s master keys for a AWS Key Management System (KMS), that could give enemy full control over encrypted information stored on Amazon’s servers by a association and should be deliberate compromised.

The largest of these servers contained over 137 gigabytes of data, including databases of login certification of not usually inner accounts though Accenture customers’ as well. In one database, Vickery also detected 40,000 passwords, many of them plaintext.

As has turn customary, Accenture is perplexing to downplay a astringency of this information bearing claiming that no patron information was affected. However, researchers who initial saw this unprotected information don’t determine with a company’s narrative.

equifax-hackRelated MASSIVE Breach: Social Security Numbers Other Personal Data of Over 143 Million Americans Stolen from a Credit Reporting Firm

“Taken together, a stress of these unprotected buckets is tough to overstate,” Upguard pronounced in an advisory published today. “In a hands of efficient hazard actors, these cloud servers, permitted to anyone stumbling opposite their URLs, could have unprotected both Accenture and a thousands of top-flight corporate business to antagonistic attacks that could have finished an infinite volume of financial damage.”

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>