Accenture's crucial data exposed


The exposed servers, which were hosted on Amazon S3 storage services, contained hundreds of GB of sensitive data, including secret API data, authentication credentials, certificates, decryption keys, customer information, and more.

Being somewhat reasonable about the situation, Beri added that "misconfigured buckets are often the result of innocent oversights that can otherwise be checked by automation in the form of access control and anomaly detection, as well as continued employee education".

The exposed data was found on 17 September by UpGuard director of Cyber Risk Research, Chris Vickery, who has made a large number of similar discoveries. The four servers were quietly secured the next day. Vickery has called the exposed data "keys to the kingdom", carrying potentially sensitive data of some of the world's biggest companies.

Each server contained a range of different types of credentials, including private signing keys that could be used to impersonate the company, and passwords - some of which were stored in plaintext.

This specific bucket contained a folder titled "Secure Store", which had not only configuration files for the Identity API, but also a plaintext document containing the master access key for Accenture's account with AWS's Key Management Service. The UpGuard team claimed these could be used to subvert and spy on intercepted communications between the consultancy and its clients.

UpGuard researchers say that the data potentially puts anyone using Accenture's Cloud Platform at risk.

Accenture may reveal more information in the future as it concludes its internal investigation to appease its corporate clients, whose confidence in Accenture's ability to keep their private data safe may have been shaken by the UpGuard revelations. In one database, Vickery also discovered 40,000 passwords, the majority in plaintext.

Specifically, if hackers accessed the Accenture Cloud Platform software, used by its customers that "include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500", the exposed data could be used in critical secondary attacks against Accenture's clients.

Accenture isn't the first company to be stung by this kind of data exposure.

One bucket, "acpcollector", was used to store data that was needed to have visibility into, and maintenance of, Accenture's cloud stores.

Vickery said that Accenture was likely using the Amazon servers to migrate data from development to production.

There was no way to know for sure as doing so would fall foul of United States computer hacking laws, he said. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage. But one company said when they contacted Accenture, the company told them it was "not aware" of any breach or exposure.

None of the companies would speak on the record prior to publication.
