sb-as logo
Story image

Accenture's data breach stark reminder of server misconfiguration dangers

11 Oct 2017

Global corporate consulting and management firm Accenture is now the subject of a major data breach after researchers from security firm UpGuard revealed the company had failed to secure at least four of its cloud-based storage servers, leaving information publicly downloadable.

The storage servers are believed to be part of Accenture Cloud Platform, which is used by many high-profile customers worldwide.

The servers, hosted on Amazon Web Services S3 storage buckets, contained confidential customer information, authentication credentials, certificates, decryption keys and secret API data.

According to UpGuard’s cyber resilience analyst Dan O’Sullivan, attackers could have harvested even more data that could be used to attack the company and its customers.

Fellow researcher Chris Vickory discovered the breach in September and promptly notified Accenture. The company secured all four servers the following day.

UpGuard says the breach demonstrates that even the largest enterprises can be caught by a breach, exposing sensitive data and risking severe damage.

RedLock CEO Varun Badhwar says the incident is unfortunate but not surprising, because cloud misconfigurations have led to many organisations inadvertently exposing services to the public.

“The fact that a large database of credentials was compromised in this breach creates additional opportunities for hackers to infiltrate the network. It’s imperative that any organisation facing this type of incident replace all compromised credentials immediately. But more importantly, they must vigilantly monitor their environments for intrusions by looking for suspicious activities to contain any potential breaches,” Badhwar comments.

The four storage buckets’ AWS subdomains ‘acp-deployment’, ‘acpcollector’, ‘acp-software’, and ‘acp-ssl’ all contained ‘significant’ internal company data, cloud platforms and configurations.

The ‘acp-deployment’ bucket appeared to store internal access keys and credentials for the Identity API, as well as a document that contained the master access key for AWS Key Management Service. It also included a document suspected to be the password for decrypting different files.

The ‘acpcollector’ bucket contained VPN keys for Accenture’s private network, as well as log information.

‘Acp-software’ was a large 137GB bucket that contained database dumps with the company’s Google and Azure account credentials, as well as credentials from some Accenture clients. Credentials included hashed and unhashed passwords.

Access keys for Enstratus, a cloud infrastructure management platform, are also exposed here, potentially leaking the data of other tools coordinated by Enstratus,” O’Sullivan says in a blog.

Data dumps from Accenture’s choice of event tracker, Zenoss, which records new user creation, IP addresses and JSession IDs are also part of the bucket.

 The ‘acp-ssl’ bucket contained key stores that could access different Accenture environments, including private keys and certificates.

O’Sullivan says that during the period the servers were open to public access, anyone who found the URLs could have caused major damage to the company.

“It is possible a malicious actor could have used the exposed keys to impersonate Accenture, dwelling silently within the company’s IT environment to gather more information. The specter of password reuse attacks also looms large, across multiple platforms, websites, and potentially hundreds of clients,” he says in the blog.

"Enterprises must be able to secure their data against exposures of this type, which could have been prevented with a simple password requirement added to each bucket.”

“How can we ensure all of our systems are configured as they need to be, even at scale? Until such enterprises can trust that their systems are only accessible as needed, hugely damaging exposures of this type will persist, exposing us all to the brunt of cyber risk.”

Story image
BlackBerry, Microsoft enter partnership for Teams integration
"Integrating BlackBerry AtHoc will ensure that any organisation managing critical events using Teams is able to contact, alert, and account for everyone within the organisation directly."More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Security and operations collaboration key to success post COVID-19
“We are in an ultra-hybrid world with multi-everything, and in order to successfully navigate this landscape, ITOps, DevOps, and SecOps teams need to more closely align."More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
Palo Alto Networks extends cloud native security platform with new modules
Palo Alto Networks has announced the availability of Prisma Cloud 2.0, including four new cloud security modules, thus extending its Cloud Native Security Platform (CNSP). More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More