Security Market Segment LS
Wednesday, 11 October 2017 08:23

Accenture's crown jewels found exposed in unsecured AWS buckets Featured


Global corporate consulting and management firm Accenture left at least four cloud-based storage servers unsecured and open to the public, the security company UpGuard has found.

Exposed to the world were secret API data, authentication credentials, certificates, decryption keys, customer information and other data that could have been used to attack both the company and its clients.

Accenture’s customers “include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500”.

The exposed data was found on 17 September by UpGuard director of Cyber Risk Research, Chris Vickery, who has made a large number of similar discoveries. Four Amazon Web Services S3 storage buckets were found set up for public access and with their contents downloadable by anyone who accessed the sites using their Web address.

"A cursory analysis on 18 September of the four buckets — titled with the AWS subdomains 'acp-deployment', 'acpcollector', 'acp-software', and 'acp-ssl' — revealed significant internal Accenture data, including cloud platform credentials and configurations, [and this] prompted Vickery to notify the corporation; the four AWS servers were secured the next day," UpGuard's Dan O'Sullivan wrote in a detailed description of the find.

All four of the S3 buckets contained sensitive data about Accenture Cloud Platform, its inner workings, and Accenture clients using the platform. "All were maintained by an account named 'awsacp0175', a possible indication of the buckets’ origin."

One bucket, “acpcollector”, was used to store data that was needed to have visibility into, and maintenance of, Accenture’s cloud stores. There were VPN keys used in production for Accenture’s private network which meant that a master view of Accenture’s cloud ecosystem could be exposed.

"Also contained in the bucket are logs listing events occurring in each cloud instance, enabling malicious actors to gain far-reaching insight into Accenture’s operations," O'Sullivan wrote.

The bucket “acp-deployment” included configuration files for Accenture's Identity API and a document listing the master access key for Accenture’s account with Amazon Web Service’s Key Management Service. This meant an an unknown number of credentials were exposed to possible malicious use.

The "acp-software" bucket contained huge database dumps that included credentials, some being of Accenture clients. "While many of the passwords contained here are hashed, nearly 40,000 plaintext passwords are present in one of the database back-ups," O'Sullivan said.

"Access keys for Enstratus, a cloud infrastructure management platform, are also exposed, potentially leaking the data of other tools co-ordinated by Enstratus. Information about Accenture’s ASGARD database, as well as internal Accenture email info, are also contained here."

UpGuard said the exposed buckets could have left both Accenture and its thousands of top-flight corporate customers open to malicious attacks that could have done untold financial damage.

"It is possible a malicious actor could have used the exposed keys to impersonate Accenture, dwelling silently within the company’s IT environment to gather more information. The spectre of password re-use attacks also looms large, across multiple platforms, websites, and potentially hundreds of clients."

Contacted for comment, an Accenture spokesperson told iTWire: "There was no risk to any of our clients – no active credentials, PII (personally identifiable information) or other sensitive information was compromised.

"We have a multi-layered security model, and the data in question would not have allowed anyone that found it to penetrate any of those layers. The information involved could not have provided access to client systems and was not production data or applications."


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments