Wednesday, 11 October 2017 08:23

Accenture's crown jewels found exposed in unsecured AWS buckets


Global corporate consulting and management firm Accenture left at least four cloud-based storage servers unsecured and open to the public, the security company UpGuard has found.

Exposed to the world were secret API data, authentication credentials, certificates, decryption keys, customer information and other data that could have been used to attack both the company and its clients.

Accenture’s customers “include 94 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500”.

The exposed data was found on 17 September by UpGuard director of Cyber Risk Research, Chris Vickery, who has made a large number of similar discoveries. Four Amazon Web Services S3 storage buckets were found set up for public access and with their contents downloadable by anyone who accessed the sites using their Web address.

"A cursory analysis on 18 September of the four buckets — titled with the AWS subdomains 'acp-deployment', 'acpcollector', 'acp-software', and 'acp-ssl' — revealed significant internal Accenture data, including cloud platform credentials and configurations, [and this] prompted Vickery to notify the corporation; the four AWS servers were secured the next day," UpGuard's Dan O'Sullivan wrote in a detailed description of the find.

All four of the S3 buckets contained sensitive data about Accenture Cloud Platform, its inner workings, and Accenture clients using the platform. "All were maintained by an account named 'awsacp0175', a possible indication of the buckets’ origin."

One bucket, “acpcollector”, was used to store data that was needed to have visibility into, and maintenance of, Accenture’s cloud stores. It held VPN keys used in production for Accenture’s private network, which meant that a master view of Accenture’s cloud ecosystem could be exposed.

"Also contained in the bucket are logs listing events occurring in each cloud instance, enabling malicious actors to gain far-reaching insight into Accenture’s operations," O'Sullivan wrote.

The bucket “acp-deployment” included configuration files for Accenture's Identity API and a document listing the master access key for Accenture’s account with Amazon Web Services' Key Management Service. This meant that an unknown number of credentials were exposed to possible malicious use.

The "acp-software" bucket contained huge database dumps that included credentials, some being of Accenture clients. "While many of the passwords contained here are hashed, nearly 40,000 plaintext passwords are present in one of the database back-ups," O'Sullivan said.

"Access keys for Enstratus, a cloud infrastructure management platform, are also exposed, potentially leaking the data of other tools co-ordinated by Enstratus. Information about Accenture’s ASGARD database, as well as internal Accenture email info, are also contained here."

UpGuard said the exposed buckets could have left both Accenture and its thousands of top-flight corporate customers open to malicious attacks that could have done untold financial damage.

"It is possible a malicious actor could have used the exposed keys to impersonate Accenture, dwelling silently within the company’s IT environment to gather more information. The spectre of password re-use attacks also looms large, across multiple platforms, websites, and potentially hundreds of clients."

Contacted for comment, an Accenture spokesperson told iTWire: "There was no risk to any of our clients – no active credentials, PII (personally identifiable information) or other sensitive information was compromised.

"We have a multi-layered security model, and the data in question would not have allowed anyone that found it to penetrate any of those layers. The information involved could not have provided access to client systems and was not production data or applications."



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


