Content, Governance, Risk and Compliance, Breach, Channel partners, MSSP

Amazon AWS Cloud Data Leak: Accenture IP Exposed

Accenture exposed mission critical intellectual property (IP) via an Amazon Web Services (AWS) cloud leak, according to the UpGuard Cyber Risk Team. UpGuard discovered the leak in September 2017, alerted Accenture and the AWS leak was closed within a day.

If left open, the leak could have caused massive damage. According to UpGuard, the leak involved:

  • At least four cloud-based storage servers that were unsecured and publicly downloadable.
  • Those server  exposed secret API data, authentication credentials, certificates, decryption keys, customer information, and more data that could have been used to attack both Accenture and its clients.
  • The servers’ contents appear to be the software for the corporation’s enterprise cloud offering, Accenture Cloud Platform, a “multi-cloud management platform” used by Accenture’s customers, which “include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500.”

That Accenture data, in theory, could have been used for critical secondary attacks against the company's clientele, UpGuard asserts.

Top MSSPs, Big Brands Suffer AWS Cloud Leaks

Accenture is the third Top 100 MSSP to suffer a high profile breach or data leak in recent weeks. The others were Deloitte and Verizon Communications.

AWS cloud leaks, in particular, have earned multiple headlines in recent months. Additional AWS-related leaks in 2017 have included:

Generally speaking, the high-profile AWS leaks involve user error rather than technology breakdowns at Amazon. However, it's becoming clear that AWS may need to more effectively educate users about security settings, proper configuration and more.
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.