Subscribe To Our Daily Enewsletter:

Amazon AWS Cloud Data Leak: Accenture IP Exposed

Accenture exposed mission critical intellectual property (IP) via an Amazon Web Services (AWS) cloud leak, according to the UpGuard Cyber Risk Team. UpGuard discovered the leak in September 2017, alerted Accenture and the AWS leak was closed within a day.

If left open, the leak could have caused massive damage. According to UpGuard, the leak involved:

  • At least four cloud-based storage servers that were unsecured and publicly downloadable.
  • Those server  exposed secret API data, authentication credentials, certificates, decryption keys, customer information, and more data that could have been used to attack both Accenture and its clients.
  • The servers’ contents appear to be the software for the corporation’s enterprise cloud offering, Accenture Cloud Platform, a “multi-cloud management platform” used by Accenture’s customers, which “include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500.”

That Accenture data, in theory, could have been used for critical secondary attacks against the company’s clientele, UpGuard asserts.

Top MSSPs, Big Brands Suffer AWS Cloud Leaks

Accenture is the third Top 100 MSSP to suffer a high profile breach or data leak in recent weeks. The others were Deloitte and Verizon Communications.

AWS cloud leaks, in particular, have earned multiple headlines in recent months. Additional AWS-related leaks in 2017 have included:

Generally speaking, the high-profile AWS leaks involve user error rather than technology breakdowns at Amazon. However, it’s becoming clear that AWS may need to more effectively educate users about security settings, proper configuration and more.
Return Home

2 Comments

Comments

    Todd Bernhard:

    Thanks for doing the good work. Regarding your big question “can anyone properly configure AWS security?” the answer is yes, but just like having a nice strong secure home but leaving the door unlocked, you have to lock down your data, in this case, S3 Buckets. We created a free tool, S3Checkr.com so companies can test the public permissions of their S3 Buckets at no charge. We all need to do our part to make the cloud secure. Lock your doors, and check your buckets.

      Joe Panettieri:

      Hey Todd: Thanks for the heads up S3Checkr.com. Keep us posted on adoption, milestones, updates, etc.
      -jp

Leave a Reply

Your email address will not be published. Required fields are marked *