Story image

Accenture's data breach stark reminder of server misconfiguration dangers

11 Oct 17

Global corporate consulting and management firm Accenture is now the subject of a major data breach after researchers from security firm UpGuard revealed the company had failed to secure at least four of its cloud-based storage servers, leaving information publicly downloadable.

The storage servers are believed to be part of Accenture Cloud Platform, which is used by many high-profile customers worldwide.

The servers, hosted on Amazon Web Services S3 storage buckets, contained confidential customer information, authentication credentials, certificates, decryption keys and secret API data.

According to UpGuard’s cyber resilience analyst Dan O’Sullivan, attackers could have harvested even more data that could be used to attack the company and its customers.

Fellow researcher Chris Vickory discovered the breach in September and promptly notified Accenture. The company secured all four servers the following day.

UpGuard says the breach demonstrates that even the largest enterprises can be caught by a breach, exposing sensitive data and risking severe damage.

RedLock CEO Varun Badhwar says the incident is unfortunate but not surprising, because cloud misconfigurations have led to many organisations inadvertently exposing services to the public.

“The fact that a large database of credentials was compromised in this breach creates additional opportunities for hackers to infiltrate the network. It’s imperative that any organisation facing this type of incident replace all compromised credentials immediately. But more importantly, they must vigilantly monitor their environments for intrusions by looking for suspicious activities to contain any potential breaches,” Badhwar comments.

The four storage buckets’ AWS subdomains ‘acp-deployment’, ‘acpcollector’, ‘acp-software’, and ‘acp-ssl’ all contained ‘significant’ internal company data, cloud platforms and configurations.

The ‘acp-deployment’ bucket appeared to store internal access keys and credentials for the Identity API, as well as a document that contained the master access key for AWS Key Management Service. It also included a document suspected to be the password for decrypting different files.

The ‘acpcollector’ bucket contained VPN keys for Accenture’s private network, as well as log information.

‘Acp-software’ was a large 137GB bucket that contained database dumps with the company’s Google and Azure account credentials, as well as credentials from some Accenture clients. Credentials included hashed and unhashed passwords.

Access keys for Enstratus, a cloud infrastructure management platform, are also exposed here, potentially leaking the data of other tools coordinated by Enstratus,” O’Sullivan says in a blog.

Data dumps from Accenture’s choice of event tracker, Zenoss, which records new user creation, IP addresses and JSession IDs are also part of the bucket.

 The ‘acp-ssl’ bucket contained key stores that could access different Accenture environments, including private keys and certificates.

O’Sullivan says that during the period the servers were open to public access, anyone who found the URLs could have caused major damage to the company.

“It is possible a malicious actor could have used the exposed keys to impersonate Accenture, dwelling silently within the company’s IT environment to gather more information. The specter of password reuse attacks also looms large, across multiple platforms, websites, and potentially hundreds of clients,” he says in the blog.

"Enterprises must be able to secure their data against exposures of this type, which could have been prevented with a simple password requirement added to each bucket.”

“How can we ensure all of our systems are configured as they need to be, even at scale? Until such enterprises can trust that their systems are only accessible as needed, hugely damaging exposures of this type will persist, exposing us all to the brunt of cyber risk.”

Dell dominates enterprise storage market, HPE declines
The enterprise storage system market continues to be a goldmine for most vendors with demand relentlessly rising year-on-year.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Record revenues from servers selling like hot cakes
The relentless demand for data has resulted in another robust quarter for the global server market with impressive growth.
Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill.