- EY exposed 4TB SQL backup containing sensitive credentials and application secrets online
- Neo Security notified EY; researchers suspect threat actors may have already accessed the data
- EY responded professionally but took a week to fully resolve the issue
Ernst & Young (EY), one of the world’s largest accounting firms, kept a complete backup of its database on the public Internet, accessible to anyone who knew where to look. The backup, a .BAK file, was 4TB in size and contained sensitive information such as schema, data, stored procedures, and “all secrets stored in these tables.”
So said a security researcher at Neo Security, who was doing “low-level tooling work” when a SQL Server BAK file caught his eye.
The researcher did not download the entire database (as that would be a crime), but claims that these files typically contain “API keys, session tokens, user credentials, cached auth tokens, service account passwords. Whatever application is stored in the database. Not one secret… all the secrets.”
A “Textbook” Response
The researchers explained that the consequences could have been enormous. A single BAK file, exposed for just a few minutes, is enough for a company to be hacked and infected with ransomware.
“Finding a 4TB SQL backup exposed on the public Internet is like finding the master plan and physical keys to a vault, right there. With a note that says ‘free to a good home.’” they warned.
As soon as their suspicions were confirmed, the researchers contacted EY to alert them of their findings. They didn’t know how long the database remained open and said any responsible researcher would have to assume that by that time multiple bad actors had already stolen it.
They nevertheless praised EY for its response, saying the company’s IT team was “perfect.”
“Professional recognition. No defensiveness, no legal threats. Just: ‘Thank you. We are there.’”
Still, it took EY a full week to get the issue fully triaged and resolved – a long time for an issue where every second counts.
Via The Register