"We closed the exposure when the Amazon Web Services S3 issue was first reported. When we challenged that assertion based on the information Vickery had seen, a spokesperson later said that an investigation was ongoing. When ZDNet first reached out to Accenture, the company downplayed the exposure, saying the data was less than half a percent of its cloud service, and that "none of our client's information was involved and there was no risk to any of our clients," citing the company's "multi-layered security model." Vickery also found almost 40,000 passwords in one backup database - the vast majority were stored in plaintext. Vickery said he also found credentials that appear to relate to Accenture's access to Google's Cloud Platform and Microsoft's Azure, which could give an attacker further access to the company's cloud assets, as well as virtual private network keys, which could have allowed an attacker to access Accenture's internal corporate network.Īccording to Vickery, the largest server contained over 137 gigabytes of data, which included large databases of credentials, some of which appeared to relate directly to Accenture customers. One of the other servers contained a folder that stored keys and certificates that could be used to decrypt traffic between Accenture and its customers as it traveled across the internet. "Whatever assets and infrastructure was being protected by this KMS master key must be assumed to be completely compromised," said White.
0 kommentar(er)
