Global consulting and management firm Accenture left “at least four cloud-based storage servers unsecured and publicly downloadable” recently, according to reports.
The unsecured cloud servers were found by security firm UpGuard, which discovered the data and informed Accenture of the issue in September. UpGuard released a full report about the issue today.
The unsecured data included secret API data, authentication credentials, certificates, decryption keys, and customer information. Considering that Accenture claims that “94 of the Fortune 100 companies” are clients of the firm, the potential for damage was calamitous.
“In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage,” UpGuard’s Dan O’Sullivan wrote.
Chris Vickery, director of cyber risk research at security firm UpGuard, told ZDNet the data contained the “keys to the kingdom.” Vickery said he also found Accenture’s master keys for its Amazon Web Service’s Key Management System. The stolen master keys could give a hacker full control over the company’s encrypted data stored on those Amazon servers.
Accenture apparently secured the servers the day after being informed by UpGuard. It appears the large firm dodged a bullet in this case, as Accenture could only find one instance of unauthorized access while the files were unsecured, which they traced back to UpGuard.
This is the latest incident illustrating that not all companies are taking proper steps to secure their most important data — and the important data of their customers — which makes another large cyberattack seems inevitable. Accounting firm Deloitte recently revealed a breach which affected at least a few of its clients.
You may not be able to aid large companies in securing their data, but you can make sure you’re securing your own personal files. For those concerned about the safety of their files stored in the cloud, we recently covered some smaller, secure options in our article A Look At Cloud Storage Alternatives With Extra Security.