Story image

Accenture's data breach stark reminder of server misconfiguration dangers

11 Oct 2017

Global corporate consulting and management firm Accenture is now the subject of a major data breach after researchers from security firm UpGuard revealed the company had failed to secure at least four of its cloud-based storage servers, leaving information publicly downloadable.

The storage servers are believed to be part of Accenture Cloud Platform, which is used by many high-profile customers worldwide.

The servers, hosted on Amazon Web Services S3 storage buckets, contained confidential customer information, authentication credentials, certificates, decryption keys and secret API data.

According to UpGuard’s cyber resilience analyst Dan O’Sullivan, attackers could have harvested even more data that could be used to attack the company and its customers.

Fellow researcher Chris Vickory discovered the breach in September and promptly notified Accenture. The company secured all four servers the following day.

UpGuard says the breach demonstrates that even the largest enterprises can be caught by a breach, exposing sensitive data and risking severe damage.

RedLock CEO Varun Badhwar says the incident is unfortunate but not surprising, because cloud misconfigurations have led to many organisations inadvertently exposing services to the public.

“The fact that a large database of credentials was compromised in this breach creates additional opportunities for hackers to infiltrate the network. It’s imperative that any organisation facing this type of incident replace all compromised credentials immediately. But more importantly, they must vigilantly monitor their environments for intrusions by looking for suspicious activities to contain any potential breaches,” Badhwar comments.

The four storage buckets’ AWS subdomains ‘acp-deployment’, ‘acpcollector’, ‘acp-software’, and ‘acp-ssl’ all contained ‘significant’ internal company data, cloud platforms and configurations.

The ‘acp-deployment’ bucket appeared to store internal access keys and credentials for the Identity API, as well as a document that contained the master access key for AWS Key Management Service. It also included a document suspected to be the password for decrypting different files.

The ‘acpcollector’ bucket contained VPN keys for Accenture’s private network, as well as log information.

‘Acp-software’ was a large 137GB bucket that contained database dumps with the company’s Google and Azure account credentials, as well as credentials from some Accenture clients. Credentials included hashed and unhashed passwords.

Access keys for Enstratus, a cloud infrastructure management platform, are also exposed here, potentially leaking the data of other tools coordinated by Enstratus,” O’Sullivan says in a blog.

Data dumps from Accenture’s choice of event tracker, Zenoss, which records new user creation, IP addresses and JSession IDs are also part of the bucket.

 The ‘acp-ssl’ bucket contained key stores that could access different Accenture environments, including private keys and certificates.

O’Sullivan says that during the period the servers were open to public access, anyone who found the URLs could have caused major damage to the company.

“It is possible a malicious actor could have used the exposed keys to impersonate Accenture, dwelling silently within the company’s IT environment to gather more information. The specter of password reuse attacks also looms large, across multiple platforms, websites, and potentially hundreds of clients,” he says in the blog.

"Enterprises must be able to secure their data against exposures of this type, which could have been prevented with a simple password requirement added to each bucket.”

“How can we ensure all of our systems are configured as they need to be, even at scale? Until such enterprises can trust that their systems are only accessible as needed, hugely damaging exposures of this type will persist, exposing us all to the brunt of cyber risk.”

Bluzelle launches data delivery network to futureproof the edge
“Currently applications are limited to data caching technologies that require complex configuration and management of 10+ year old technology constrained to a few data centers."
DDN completes Nexenta acquisition
DDN holds a suite of products, solutions, and services that aim to enable AI and multi-cloud.
Trend Micro introduces cloud and container workload security offering
Container security capabilities added to Trend Micro Deep Security have elevated protection across the DevOps lifecycle and runtime stack.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.
Why flash should be considered the storage king
Not only is flash storage being used for recovery, it has found a role in R&D environments and in the cloud with big players including AWS, Azure and Google opting for block flash storage options.
NVIDIA's data center business slumps 10% in one year
The company recently released its Q1 financial results for fiscal 2020, which puts the company’s revenue at US$2.22 billion – a slight raise from $2.21 billion in the previous quarter.