Accenture exposed mission critical intellectual property (IP) via an Amazon Web Services (AWS) cloud leak, according to the UpGuard Cyber Risk Team. UpGuard discovered the leak in September 2017, alerted Accenture and the AWS leak was closed within a day.
If left open, the leak could have caused massive damage. According to UpGuard, the leak involved:
- At least four cloud-based storage servers that were unsecured and publicly downloadable.
- Those server exposed secret API data, authentication credentials, certificates, decryption keys, customer information, and more data that could have been used to attack both Accenture and its clients.
- The servers’ contents appear to be the software for the corporation’s enterprise cloud offering, Accenture Cloud Platform, a “multi-cloud management platform” used by Accenture’s customers, which “include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500.”
That Accenture data, in theory, could have been used for critical secondary attacks against the company's clientele, UpGuard asserts.
Top MSSPs, Big Brands Suffer AWS Cloud Leaks
Accenture is the third Top 100 MSSP to suffer a high profile breach or data leak in recent weeks. The others were Deloitte and Verizon Communications.
AWS cloud leaks, in particular, have earned multiple headlines in recent months. Additional AWS-related leaks in 2017 have included:
- 14 million Verizon records were left exposed in an earlier leak unrelated to this one
- Sensitive personal files of thousands of U.S. military and intelligence personnel
- 4 million Time Warner Cable customer records were exposed
- WWE database leak with 3 million customer records
- A Republican database with information on 200 million voters
- Dow Jones suffered a similar AWS exposure
