Economy

Accenture's crucial data exposed

Accenture's crucial data exposed”

The exposed servers, which were hosted on Amazon S3 storage services, contained hundreds of GB of sensitive data, including secret API data, authentication credentials, certificates, decryption keys, customer information, and more.

Being somewhat reasonable about the situation, Beri added that "misconfigured buckets are often the result of innocent oversights that can otherwise be checked by automation in the form of access control and anomaly detection, as well as continued employee education".

The exposed data was found on 17 September by UpGuard director of Cyber Risk Research, Chris Vickery, who has made a large number of similar discoveries. The four servers were quietly secured the next day. Vickery has called the exposed data "keys to the kingdom", carrying potentially sensitive data of some of the world's biggest companies.

Each server contained a range of different types of credentials, including private signing keys that could be used to impersonate the company, and passwords - some of which were stored in plaintext.

This specific bucket contained a folder titled "Secure Store", which had not only configuration files for the Identity API, but also a plaintext document containing the master access key for Accenture's account with AWS's Key Management Service. The Upguard team claimed these could be used to subvert and spy on intercepted communications between the consultancy and its clients.

Upguard researchers say that the data potentially puts anyone using Accenture's Cloud Platform at risk.

Accenture may reveal more information in the future as it concludes its internal investigation to appease its corporate clients whose confidence in Accenture's ability to keep their private data safe may have been shaken by the UpGuard revelations. In one database, Vickery also discovered 40,000 passwords, majority plaintext.

Specifically, if hackers accessed the Accenture Cloud Platform software, used by its customers that "include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500", the exposed data could be used in critical secondary attacks against Accenture's clients.

Accenture isn't the first company to be stung by this kind of data exposure.

One bucket, "acpcollector", was used to store data that was needed to have visibility into, and maintenance of, Accenture's cloud stores.

Vickery said that Accenture was likely using the Amazon servers to migrate data from development to production.

There was no way to know for sure as doing so would fall foul of United States computer hacking laws, he said. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage. But one company said when they contacted Accenture, the company told them it was "not aware" of any breach or exposure.

None of the companies would speak on the record prior to publication.



Like this

Latest


11 October 2017
Noble Energy Inc. (NYSE:NBL) Broker Price Targets For The Coming Week
The active investment managers in our partner's database now hold: 437.54 million shares, up from 409.88 million shares in 2017Q1. Michigan-based Ls Inv Advisors Ltd Liability Co has invested 0.01% in TTM Technologies, Inc. (NASDAQ:TTMI) for 163,454 shares.

11 October 2017
Alibaba launches US$15b global R&D programme, to open lab in Singapore
The academy has also named a 10-member advisory board, which include professors from top universities in China and the United States.

11 October 2017
Mini unveils 1499 GT special edition
Under the bonnet is a twin-turbo, three-cylinder engine that produces 101bhp and gets the hatchback from 0-60mph in 10.2 seconds. But now it's Mini's turn to try and pull a fast one - or not-so-fast one, as the case may be - in the form of the new 1499 GT.

11 October 2017
ZTE Blade Force launches on Boost Mobile for $130
The ZTE Blade Force comes with 16GB of internal storage, which can be further expandable memory of 128GB via a micro SD card. ZTE has launched a new entry-level Android smartphone for Boost Mobile , dubbed the Blade Force .

11 October 2017
Uber's India Rival Raises $1.1 Billion From Tencent, SoftBank
Tencent, for example, has invested in similar start-ups to Ola such as Indonesian ride-hailing app Go-Jek. Bhavish Aggarwal, chief executive officer and a founder of Ola said in a press statement.

11 October 2017
OnePlus allegedly collects personal details of smartphone users
It appears that the Chinese manufacturer is breaking consumers trust in a bid to provide them with improved after-sales support. The app cant be turned off since it is part of the System, but it can be manually disabled every time the phone is restarted.

11 October 2017
THOR: RAGNAROK New "Hela Good" Featurette
The Avengers finally did the character justice, thanks, in most part, to Mark Ruffalo's performance as Hulk alter-ego, Bruce Banner.

11 October 2017
This Is Us Season 2, Episode 3 Recap: "Deja Vu"
She worries because it's his bad knee. "Kate, it's really hard for me with Dad", Kevin admits as their conversation nears its end. After boasting - and proving - that she knows Rocky by heart, Kate confides in Stallone what he meant to her father.

11 October 2017
BlackRock Floating Rate Income (NYSE:BGT) Experiences Lighter than Usual Trading Volume
The Trust?s investment objective is to provide monthly income that is exempt from regular federal and California income tax. Northwestern Mutual Wealth Com owns 0% invested in BlackRock LT Municipal Advantage Trust (NYSE:BTA) for 5,500 shares.

11 October 2017
Why Wellington Management Group Llp Reported Knight-Swift Transportation Holdings Inc Position?
Zacks Investment Research raised Swift Transportation from a "sell" rating to a "hold" rating in a report on Tuesday, July 18th. In related news, CFO Virginia Henkels sold 29,051 shares of the firm's stock in a transaction dated Tuesday, August 15th.