Unsecured AWS S3 buckets leaked data belonging to Fortune 100 firms
1 July 2019
Security researchers recently unearthed three misconfigured Amazon S3 buckets that were not password-protected and could be accessed by anyone. The buckets contained vast amounts of employee data, 750GB worth of compressed email backups, and data belonging to several Fortune 100 companies such as Netflix and Ford.
The three AWS S3 cloud buckets were discovered by a security researcher at UpGuard on 13th May, following which the researcher determined that the buckets were owned by Attunity, an Israeli IT firm that provides data integration and big data management software solutions to more than two thousand enterprises as well as half of the Fortune 100 companies.
The unsecured buckets contained over 1TB worth of data that included 750GB worth of compressed email backups as well as backups of employees’ OneDrive accounts that contained a wide range of information such as “email correspondence, system passwords, sales and marketing contact information, project specifications, and more.”
The discovery of the three misconfigured Amazon S3 buckets took place shortly after Attunity was acquired by Qlik, a leading US-based analytics and BI provider. Through this acquisition, Qlik aims to offer a comprehensive enterprise data integration platform to help enterprises to transform their raw data into a governed, analytics-aware information resource.
Exposed AWS S3 buckets contained detailed employee records
According to UpGuard, the three AWS S3 buckets contained a detailed client list, private keys and system credentials, information about internal systems and their architecture, and spreadsheets with employee data. The latter contained first and last names, salary, job titles, payroll IDs, dates of birth, dates of hire, recruitment fees, and other details. Information about clients included usernames and passwords for Netflix production database systems.
“Attunity’s business is to replicate and migrate data into data lakes for centralised analytics. The risks to Attunity posed by exposed credentials, information, and communications, then, are risks to the security of the data they process. While many of the files are years old, the bucket was still in use at the time detected and reported by UpGuard, with the most recent files having been modified within days of discovery,” noted UpGuard.
The firm said that once Attunity was informed about the presence of the three AWS S3 buckets, the company promptly removed public access to the buckets.
“Ford, Netflix, TD Bank, and all the other affected customers are probably shocked right now, that their cloud data management provider isn’t as secure as they thought. The truth is that breaches happen in this way all the time. Moreover, even if there had been at least basic password protection, one could hardly have called such a system secure,” said Anna Russell, VP at comforte AG.
“The expression ‘if it’s on the internet, it can be hacked’ has become a fact of life. If there is a perimeter, it will be breached. As a consequence, there is a big shift in cybersecurity towards a data-centric security approach where the protection travels with the data – no matter if it is inside a perimeter or not,” she added.