Et tu, Accenture? The global management consulting firm has become the latest in a line of companies that have exposed the private data of users and clients on the cloud.
UpGuard, an Australian IT company that specializes in cyber threat risk assessment for large businesses, discovered this newest lapse in security, which had Accenture exposing its clients' data via four publicly accessible servers.
And not just any clients, no sir.
The Accenture Cloud Platform's clients include 94 of the Fortune 100 companies, along with three quarters of the Fortune 500. As you can see, we are dealing with some very high stakes here.
According to UpGuard, the unsecured servers exposed information such as secret API data, authentication credentials, certificates, and decryption keys, as well as customer details and other data, all of which could have been used to attack Accenture clients.
Chris Vickery, the director of cyber risk research at UpGuard, discovered the exposed servers on September 17, and found that four Amazon Web Services S3 storage buckets were configured for public access.
In other words, anyone could have downloaded the data on them, as long as they had the address of the bucket in question.
If this is starting to sound familiar, it is because several other organizations have been found guilty of these lapses in security. Personal data of more than 14 million Verizon Wireless customers was recently exposed in the same fashion.
The good news is that it only took Accenture a day to fix the problem, after being notified by UpGuard on September 18. Nevertheless, it is strange to see rookie mistakes like these, which expose so much sensitive information, coming from such an experienced firm.
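As an added example (not from the original article, UpGuard or Accenture), this Python audit flags the kind of public-access configuration described above, given a bucket's ACL and policy in the JSON shape the S3 API returns. The function name `public_findings` and all sample configurations are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Grantee URIs of the predefined S3 groups: everyone, and any AWS account holder.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_ACTIONS = ("s3:getobject", "s3:listbucket")  # download an object / list keys

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_findings(acl, policy_json=None):
    """Return the reasons a bucket is open to listing or download by anyone."""
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            findings.append(f"acl:{uri.rsplit('/', 1)[-1]}:{grant['Permission']}")
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = "*" if "*" in _as_list(principal.get("AWS", [])) else None
        # Statements with a Condition (for example a source-IP limit) need manual
        # review, so only unconditional wildcard Allow statements are reported.
        if stmt.get("Effect") != "Allow" or principal != "*" or stmt.get("Condition"):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        hits = [r for r in READ_ACTIONS if any(fnmatchcase(r, p) for p in patterns)]
        if hits:
            findings.append("policy:" + ",".join(hits))
    return findings

# Constructed sample configurations; the bucket name and owner id are placeholders.
OPEN_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
PRIVATE_ACL = {"Grants": OPEN_ACL["Grants"][:1]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:Get*",
    "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print(public_findings(OPEN_ACL))
    print(public_findings(PRIVATE_ACL, OPEN_POLICY))
    print(public_findings(PRIVATE_ACL))
```

The check reads only the bucket's own ACL and policy documents; it does not account for object-level ACLs or for Block Public Access settings that may override them.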