
AWS Cloud Data Leak: Qlik’s Attunity Exposes Backup Information

Data management software provider Attunity, now owned by Qlik, left massive amounts of backup data exposed on Amazon Web Services (AWS), according to the UpGuard Data Breach research team. The exposure surfaced around the time that Qlik finalized its Attunity acquisition for $560 million.

The Attunity exposure appears to involve each of the issues listed below. According to a statement from UpGuard:

"The UpGuard Data Breach Research team can now disclose that a set of cloud storage buckets utilized by data management company Attunity have been secured from any future malicious action. Attunity, recently acquired by business intelligence platform Qlik, provides solutions for data integration. An UpGuard researcher discovered three publicly accessible Amazon S3 buckets related to Attunity. Of those, one contained a large collection of internal business documents. The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups. Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more."

Read between the lines, and Attunity apparently locked down the AWS buckets after UpGuard alerted the company to the issue.

The data exposure reinforces several challenging trends in cybersecurity. Chief among them:

  1. Customers continue to misconfigure or poorly configure public cloud services and associated security settings.
  2. M&A buyers and sellers have to be especially careful as they try to integrate teams, IT systems and data privacy commitments.
  3. Human error, rather than vulnerabilities, remains a major factor in data exposure issues.

AWS Public Cloud Data Leaks: Who Exposed Data?

Numerous companies and organizations have accidentally exposed data via AWS cloud services. The exposure list includes:

  • August 2018: An AWS S3 error exposed GoDaddy configuration data from thousands of servers, UpGuard cyber risk management said.
  • May 2018: A non-profit organization in Los Angeles County misconfigured an AWS S3 cloud bucket — leaving 3 million records and highly sensitive health information exposed.
  • February 2018: FedEx customer identification records were discovered on an unsecured Amazon Simple Storage Service (S3) cloud server, Kromtech Security Center reported.
  • October 2017: Accenture Cloud mission-critical intellectual property (IP) was exposed via an Amazon Web Services (AWS) cloud leak.
  • September 2017: More than 4 million Time Warner Cable customer records were exposed via an AWS cloud leak.
  • July 2017: A World Wrestling Entertainment (WWE) database leak exposed the personal information of more than 3 million users.
  • July 2017: About 2.2 million Dow Jones subscribers were affected by a data leak that occurred due to a misconfigured AWS cloud account.

AWS Public Cloud Data Leaks: Improving Cybersecurity

Amazon has taken several steps to help customers configure and lock down their AWS workloads. Examples include:

  • Numerous cloud security developments surfaced at this week's AWS re:Inforce 2019 conference in Boston. Numerous Top 100 MSSPs were on hand.
  • Amazon unveiled AWS Control Tower earlier this week. The software tool allows MSPs, partners and customers to set up and govern a multi-account Amazon Web Services environment. Early adopters include Slalom Consulting, a well-known IT consulting firm.
  • The company unveiled AWS Security Hub in November 2018. Numerous cybersecurity companies -- including endpoint protection, firewall and MDR (managed detection and response) firms -- now integrate with the security hub.

Those all sound like steps in the right direction -- potentially driving down one of the biggest risks in IT security: human error.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.