UpGuard says that the information stored on the unprotected servers could have been used to attack Accenture itself as well as a number of its clients and Vickery told ZDNet that the data amounted to the "keys to the kingdom." In a blog post about the exposure, UpGuard said, "Taken together, the significance of these exposed buckets is hard to overstate. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage."
This data exposure is just the latest to be sniffed out by cybersecurity firm UpGuard. Other recent discoveries by the company include Election Systems & Software's exposure of 1.8 million Chicago residents' personal information, Deep Root Analytics' leak of nearly 200 million US citizens' data, the release of 14 million Verizon customers' info by Nice Systems and exposure of classified intelligence data by a US defense contractor. In light of these repeated mishandlings of sensitive data, it's becoming increasing clear that major companies need to take a serious look at their cybersecurity practices.
UpGuard quickly notified Accenture after discovering the exposed data and the company secured the servers soon thereafter. Accenture also said that UpGuard was the only non-authorized visitor to access the servers. Accenture told ZDNet, "We closed the exposure when the Amazon Web Services S3 issue was first reported. As we continue our forensic review we may learn more but, the email and password information in the database is more than two and a half years old and for Accenture users of a decommissioned system."