Does your company use Accenture Cloud?
If so, be thankful the Security Risk Team at UpGuard made this discovery before anyone else apparently did.
Researchers discovered four Accenture cloud databases that were open and available for anyone knowing where to look.
According to a new report on the Accenture database exposure, this was another case of Amazon Web Services S3 storage buckets left exposed.
These buckets contained information that posed a significant risk to Accenture's cloud operations and the clients who use it. Among that information:
- a collection of nearly 40,000 plaintext passwords is present in one of the database backups
- VPN keys used in production for Accenture’s private network
- a plaintext document containing the master access key for Accenture’s account with Amazon Web Service’s Key Management Service
- configuration files for an Identity API
And there is more, much more, in the UpGuard report.
Says the company's Dan O'Sullivan, "Taken together, the significance of these exposed buckets is hard to overstate. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage."
Accenture secured the databases the day after UpGuard notified it of the exposure.
SecureWorld has reached out to Accenture to ask why the databases were not password secured.