- EY disclosed a 4TB SQL backup online containing sensitive credentials and application secrets
- Neo Security warned EY; the researchers say anyone affected should assume threat actors had already copied the data
- EY responded professionally, but it took a week to triage and fully remediate the exposure
Ernst & Young (EY), one of the world’s largest accounting firms, left a complete database backup reachable from the public Internet, available to anyone who knew where to look. The backup, a SQL Server .BAK file, was 4 TB in size and contained the database schema, its data, stored procedures and, as the researchers put it, “every secret stored in these tables”.
This is according to a security researcher at Neo Security who was doing “low-level tool work” when a SQL Server BAK file caught his eye.
The researcher didn’t download the entire database (because that would be a crime), but said that such files usually contain “API keys, session tokens, user credentials, cached authentication tokens, service account passwords. Whatever application is stored in the database. Not just one secret… all the secrets.”
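Confirming what an exposed file is without pulling the whole thing down is the responsible-disclosure step the article alludes to. The example below is added here and is not code from the TechRadar article or from Neo Security: it reads only the first 512 bytes of a URL with an HTTP Range request, takes the full size from the response headers, and recognises a SQL Server native backup by the Microsoft Tape Format (MTF) media header, which begins with the ASCII string "TAPE". It assumes the file is served over plain HTTP(S) and that the server honours Range requests (if it does not, the connection is still closed after 512 bytes). The sample header bytes are constructed for the demonstration and come from no real backup.

```python
import urllib.request

# SQL Server native backups (.bak/.trn) are containers in Microsoft Tape Format (MTF);
# the first descriptor block is the media header and starts with the block type "TAPE".
MTF_MAGIC = b"TAPE"
HEADER_PROBE_BYTES = 512


def classify_header(head: bytes) -> str:
    """Classify a file from its leading bytes alone, so nothing past the header is fetched."""
    if head[:4] == MTF_MAGIC:
        return "sql-server-native-backup"
    if head[:16] == b"SQLite format 3\x00":
        return "sqlite-database"
    if head[:3] == b"\x1f\x8b\x08":
        return "gzip"
    if head[:2] == b"PK":
        return "zip-archive"
    return "unknown"


def human_size(n: int) -> str:
    """Render a byte count as a short binary-unit string (e.g. '4.0 TiB')."""
    size = float(n)
    for unit in ("B", "KiB", "MiB", "GiB"):
        if size < 1024:
            return f"{size:.1f} {unit}"
        size /= 1024
    return f"{size:.1f} TiB"


def summarize(head: bytes, total_bytes: int) -> dict:
    """Combine the header classification with the advertised size into one verdict."""
    kind = classify_header(head)
    return {
        "kind": kind,
        "size": human_size(total_bytes),
        "looks_like_db_backup": kind == "sql-server-native-backup",
    }


def total_size_from_headers(status: int, content_range: str, content_length: str, read: int) -> int:
    """Work out the full object size from a 206 Content-Range ('bytes 0-511/4398046511104')
    or, if the server ignored the Range header, from Content-Length of the 200 response."""
    if status == 206 and "/" in content_range:
        total = content_range.rsplit("/", 1)[-1].strip()
        if total.isdigit():
            return int(total)
    if content_length.isdigit():
        return int(content_length)
    return read  # size unknown; report what was actually read


def probe_url(url: str, timeout: float = 10.0) -> dict:
    """Fetch at most HEADER_PROBE_BYTES of the object and summarise it. Network use only;
    the offline checks below exercise summarize() directly."""
    req = urllib.request.Request(
        url, headers={"Range": f"bytes=0-{HEADER_PROBE_BYTES - 1}"}, method="GET"
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        head = resp.read(HEADER_PROBE_BYTES)  # stop here even on a 200 with the full body
        total = total_size_from_headers(
            resp.status,
            resp.headers.get("Content-Range", ""),
            resp.headers.get("Content-Length", ""),
            len(head),
        )
    return summarize(head, total)


# Constructed sample: an MTF media header magic padded to one 512-byte block,
# paired with a 4 TiB advertised size. Not taken from any real file.
SAMPLE_BAK_HEAD = MTF_MAGIC + bytes(HEADER_PROBE_BYTES - len(MTF_MAGIC))
SAMPLE_BAK_SIZE = 4 * 1024**4

if __name__ == "__main__":
    print(summarize(SAMPLE_BAK_HEAD, SAMPLE_BAK_SIZE))
```

The point of reading only the first block is that the verdict ("this is a SQL Server backup, and it is 4 TiB") is enough to raise an alert and notify the owner; nothing beyond the header needs to touch the researcher's disk.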
“Textbook perfect” response
The researchers explained that the consequences could have been enormous. A single BAK file, exposed for only a few minutes, is enough for an attacker to breach a company and deploy ransomware.
“Finding a 4TB SQL backup exposed to the public internet is like finding the master plan and physical keys to a box, just sitting there. With a note saying ‘free to a good home,’” they warned.
As soon as their suspicions were confirmed, the researchers contacted EY to alert them to the findings. They did not know how long the backup had been exposed, and said any responsible researcher should assume that by then multiple threat actors had already taken a copy.
Still, they praised EY for their response, saying the company’s IT team was “Textbook perfect.”
“Professional recognition. No defensiveness, no legal threats. Just: ‘Thank you. We’re underway.’”
Still, it took EY a full week to fully triage and remediate the issue, a long time for an exposure where every second counts.
Via The Register