According to reports, the security researcher UpGuard has discovered three unprotected Amazon S3 buckets which has exposed the personal information of Attunity (Israeli-based Database Management Company). Since, the databases contain sensitive information about Fortune 100 companies including Netflix, Ford, TD Bank and other companies. For those who are not aware, it was sported by UpGurad’ security researcher team in 13th May 2019. Let’s take have a look at this Cyber activities in detail.
About Attunity: Largest Database Management Company
Report says, Attunity is come in the top in the list of largest Database companies which has recently acquired by Qlik (Business Intelligent platform). Attunity is biggest corporation of the world like Pfizer, Dobly, Brown-Forman, Philips and many others.
UpGurad Researcher team discovered AWS 3 buckets exposure: leaked information can be beneficial for Cyber Criminals
When we talk about the sensitive information store in Attunity’s database, the data are backup of employee’s One Drive Accounts, System password, project details, keys for productions System, sales information, internal busyness dements and more information as well. However, security researcher who have researched lot on the matter, informed the party responsible within a day the access to crucial information was terminated. Researcher has not yet confirmed that whether or not bad actors manager to put the leaked details for malicious activities like fraud or other activities.
UpGurad’s researcher team contacted Attunity three days after the discovery
Since, AWS S3 buckets were put on server under the name of “attunity-it”, “attunity-patch”, “attunity-support” with the memory size about 1TB while 750GB were compressed email backups. At the moment of September 2014 when the Attunity was updated one of the buckets, there was no news about data stealing or exposed at that time. On other hand, it is quite difficult to consider the size of such AWS S3 buckets which contains about 1000 of entries. No doubt such exposure might be huge and hacker might use special tool to filter or steal such information. Moreover, leaky AWS S3 buckets contain not only Attunity’ data, but also industry giants. So, we can say that there is chance of misleading or misused of information to access the world’s most popular databases companies. Let’s take have a look the statement of researcher of UpGurad Team on the matter “AWS 3 buckets exposure”
One class of data, among the most obviously significant for an information security program, are credentials for systems that would feasibly allow for the further compromise of the integrity, confidentiality, or availability of data. UpGuard researchers do not attempt to use credentials, and so cannot report on what access these could have provided, but the exposure of credentials certainly removes one layer of protection for accessing those systems. If they are administrative credentials then the exposure level would be high.
AWS 3 buckets exposure is not new: Back-To-Back incidents occurs like that
For those who are not aware, at the time of April 2018, it was incident on LocalBlox Service which holds the information about personal and business users which left as AWS 3 buckets exposure. As a result of it, the information of about 48 million of user of Facebook, Twitter and other social media platform was exposed. Since, the UpGuard has been working on hard on stopping these leaky buckets of falling into Cyber crooks’ hands. We hope that the matter will solve soon. For any suggestions or queries, please write on comment box given below.
You may also read: Emuparadise data breach -1.1 million accounts exposed