Latest in Gear

Image credit: PAUL J. RICHARDS via Getty Images

Accenture left four servers of sensitive data completely unprotected

Cybersecurity firm UpGuard discovered the data last month.
651 Shares
Share
Tweet
Share
Save

Sponsored Links

PAUL J. RICHARDS via Getty Images

UpGuard has yet again uncovered a trove of corporate data left unprotected, this time from major consulting and management firm Accenture. The data -- contained on four cloud-based storage servers -- were discovered by UpGuard Director of Cyber Risk Research Chris Vickery in mid-September and weren't protected by a password. Anyone with the servers' web addresses could download the stored information, which included decryption keys, passwords and customer info. And Accenture's client list includes a number of large companies. On its website, Accenture says its clients "span the full range of industries around the world and include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500."

UpGuard says that the information stored on the unprotected servers could have been used to attack Accenture itself as well as a number of its clients and Vickery told ZDNet that the data amounted to the "keys to the kingdom." In a blog post about the exposure, UpGuard said, "Taken together, the significance of these exposed buckets is hard to overstate. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage."

This data exposure is just the latest to be sniffed out by cybersecurity firm UpGuard. Other recent discoveries by the company include Election Systems & Software's exposure of 1.8 million Chicago residents' personal information, Deep Root Analytics' leak of nearly 200 million US citizens' data, the release of 14 million Verizon customers' info by Nice Systems and exposure of classified intelligence data by a US defense contractor. In light of these repeated mishandlings of sensitive data, it's becoming increasing clear that major companies need to take a serious look at their cybersecurity practices.

UpGuard quickly notified Accenture after discovering the exposed data and the company secured the servers soon thereafter. Accenture also said that UpGuard was the only non-authorized visitor to access the servers. Accenture told ZDNet, "We closed the exposure when the Amazon Web Services S3 issue was first reported. As we continue our forensic review we may learn more but, the email and password information in the database is more than two and a half years old and for Accenture users of a decommissioned system."

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
651 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
TiVo says all retail DVR owners will see ads before recorded shows

TiVo says all retail DVR owners will see ads before recorded shows

View
Batman comes to 'Fortnite' along with Catwoman and Gotham City

Batman comes to 'Fortnite' along with Catwoman and Gotham City

View
Hitting the Books: Searching for ancient cities from space

Hitting the Books: Searching for ancient cities from space

View
The Morning After: Taking a look inside the iPhone 11 Pro Max

The Morning After: Taking a look inside the iPhone 11 Pro Max

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr