AWS S3 server leaks information from Fortune 100 firms

Source :- dqindia.com

The leaky AWS S3 buckets contained information about Attunity’s own activities as well as data from some of its clients
Attunity, an Israeli IT company that offers data management, warehousing, and replication services for the world’s largest companies, has exposed some of the information of its clients after leaving three AWS S3 buckets exposed without a password on the Internet, according to ZDNet.

The leaky AWS S3 buckets contained information about Attunity’s own activities as well as data from some of its clients – Fortune 100 businesses such as Ford, Netflix and TD Bank. The leaky AWS S3 buckets were found on May 13, and were secured after 3 days.

The leaked information included backups of employees’ OneDrive accounts; email correspondence; system passwords; private keys for production systems; sales and marketing contact information; project specifications; employee personal data; and more.

Other data included email correspondence between employees at unnamed companies, containing job account passwords or manufacturing systems. Backup files also contained troves of private keys and passwords for companies’ internal networks.

In addition to Netflix, Attunity itself was one of the businesses that had its credential exposed for inner applications, meaning that the leaky S3 server could have served as a springboard for a larger hack into the network of Attunity.

According to its website, ‘It goes without saying that the leak was massive due to the potential ramifications, providing useful information that could have led to intrusions at some of the world’s biggest companies. And Attunity has a who’s who list of customers’. S3 bucket also contained files storing employees’ personal data, which has now been leaked.

UpGuard researchers said that “this was only scratching the surface in the 1TB sample data they downloaded from the exposed Attunity S3 buckets, and the leaky servers probably contained a lot more”.