Delete comment from: DSHR's Blog
Unlike Deloitte, Accenture was not the "world’s best IT security consultancy" five years running. But they are strong competitors in this field:
"Accenture has confirmed it inadvertently left a massive store of private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could have inflicted considerable damage on the company and its customers.
The servers, hosted on Amazon's S3 storage service, contained hundreds of gigabytes of data for the company's enterprise cloud offering, which the company claims provides support to the majority of the Fortune 100.
The data could be downloaded without a password by anyone who knew the servers' web addresses."
and:
"Each server contained a range of different types of credentials, including private signing keys that could be used to impersonate the company, and passwords -- some of which were stored in plaintext.
Vickery said he also found Accenture's master keys for its Amazon Web Service's Key Management System (KMS), which if stolen could allow an attacker full control over the company's encrypted data stored on Amazon's servers."
Oct 12, 2017, 5:47:47 PM
Posted to Not Whether But When