Hundreds of gigabytes of emails from Fortune 100 firms exposed online

Another misconfigured AWS server leaves company data exposed


Leaving sensitive information publicly accessible on the web is a recipe for disaster, and according to a new report from cybersecurity firm UpGuard, that is exactly what the data management company Attunity did with the data of Ford, Toronto-Dominion Bank and its other Fortune 100 clients.

Researchers at UpGuard discovered more than a terabyte of data left unsecured by the company last month on AWS servers, which included its own passwords and network information as well as emails and designs from several of its high-profile customers.

As a data custodian, Attunity helps integrate information its clients have stored in various places so that it can be easily analyzed. Despite its status as an “Advanced Technology Partner” of Amazon’s cloud division, the company failed to configure its cloud storage correctly and left all of the data it stored visible in plain text, similar to how the digital platform Cultura Colectiva left Facebook user data unsecured.

Attunity’s data buckets contained files about Ford’s internal project plans as well as TD Bank invoices, agreements between it and the company as well as files related to the type of technology solution Attunity was configuring for the bank.

Unsecured servers

While client files were exposed as a result of the incident, so was a large collection of Attunity’s own files pertaining to administrative and employee passwords to a number of systems, extensive employee email backups, a roadmap to the company’s virtual network and even personal information about its own employees.

According to UpGuard, the widespread presence of login credentials could have led to a sizable data leak had it not informed the company about its discovery. Luckily though, the firm found no evidence that any bad actors had taken advantage of the information while it was accessible online.

After UpGuard informed Attunity about the incident, the company removed public access to the data buckets. However, several weeks passed before it asked the security firm more detailed questions about the data exposure.

In a blog post detailing its findings, UpGuard stressed that misconfigurations of cloud storage can lead to catastrophic damage to a company, saying:

“Attunity’s business is to replicate and migrate data into data lakes for centralized analytics. The risks to Attunity posed by exposed credentials, information, and communications, then are risks to the security of the data they process. While many of the files are years old, the bucket was still in use at the time detected and reported by UpGuard, with the most recent files having been modified within days of discovery.

“The chain of events leading to the exposure of that data provides a useful lesson in the ecology of a data leak scenario. Users’ workstations may be secured against attackers breaking in, but other IT processes can copy and expose the same data valued by attackers. When such backups are exposed, they can contain a variety of data from system credentials to personally identifiable information. Data is not safe if misconfigurations and process errors expose that data to the public internet.”

Via Financial Post

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
