Mon. Jul 13th, 2020

Many world-renowned companies leak data due to misconfigured AWS S3 server

1 min read

Attunity, an Israeli IT company that provides data management, warehousing, and replication services to world-renowned companies, was leaked three “publicly accessible Amazon S3 buckets”.  The leaked AWS S3 contains information about Attunity’s own operations, as well as some customer data like Ford, TD Bank, Netflix, and other Fortune 100 companies. Data breach tracking company UpGuard discovered the leaked S3 on May 13.

Marriott Starwood Hotel Data Breach

Public information includes backups of employee OneDrive accounts, email communications, system passwords, production system private keys, sales and marketing contact materials, project specifications, employee profiles, and more.

UpGuard researchers discovered the username and password for the Netflix production database system, the invoices used by TD Bank internal software staff, and various internal project files from Ford. There are also email communications between some of the company’s employees, including passwords for work accounts or production systems. The backup file also contains a large number of private keys for the company’s internal network. Attunity’s own internal system certification was exposed, and hackers could make a larger attack on Attunity’s network.

UpGuard researchers say the 1TB of data they downloaded from the public Attunity S3 is small. The scale of the leak is huge, which may lead to hacking of some world-renowned companies.