A major data exposure came to light when Neo Security uncovered a publicly accessible 4TB SQL Server backup belonging to Ernst & Young on Microsoft Azure. The finding, made during a routine asset mapping exercise, underlines that significant exposures can exist in even the most robust organizations. The file's name clearly identified it as a SQL Server backup (.BAK format), a file type that can contain sensitive information such as schemas, user data, and crucial secrets like API keys and authentication tokens.
The responsible disclosure process took several attempts and relied on discovery methods such as DNS record lookups, which confirmed EY's involvement through a domain tie to ey.com. Once engaged, EY's Cyber Security Incident Response Team reacted quickly and effectively, remediating the issue within a week. The incident is a reminder of the risks of cloud storage and of a common pitfall in fast-paced business infrastructures: a configuration error can inadvertently make data publicly accessible.
Experts emphasize that as automated scanning tools become more prevalent, organizations must prioritize continuous monitoring and vulnerability assessments. The EY incident illustrates not only the potential for substantial data loss but also the importance of proactive security measures in safeguarding sensitive information.
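One way to act on the monitoring advice above, as an added example that is not from the original article, Neo Security or EY: a Python check that walks an inventory of your own storage accounts and flags backup files sitting in anonymously readable containers. The inventory layout, account names and extension list are assumptions constructed for illustration; the field names are modeled on Azure's account-level `allowBlobPublicAccess` and container-level `publicAccess` settings.

```python
# Added example: flag backup files in anonymously readable containers.
BACKUP_EXTENSIONS = (".bak", ".bacpac", ".dump", ".sql", ".sql.gz")  # assumed list
ANONYMOUS_LEVELS = {"blob", "container"}  # container ACLs that allow anonymous reads

# Constructed sample inventory (not real data); layout is an assumption.
SAMPLE_INVENTORY = [
    {"account": "examplefinance01", "allowBlobPublicAccess": True,
     "containers": [
         {"name": "exports", "publicAccess": "container",
          "blobs": [{"name": "db/prod_full.BAK", "size": 4 * 1024**4},
                    {"name": "readme.txt", "size": 120}]},
         {"name": "private", "publicAccess": None,
          "blobs": [{"name": "nightly.bak", "size": 10 * 1024**3}]},
     ]},
    {"account": "examplelocked02", "allowBlobPublicAccess": False,
     "containers": [
         {"name": "old", "publicAccess": "blob",
          "blobs": [{"name": "archive.bak", "size": 1024}]},
     ]},
]

def is_backup(blob_name):
    """Case-insensitive match on backup-style file extensions."""
    return blob_name.lower().endswith(BACKUP_EXTENSIONS)

def find_exposed_backups(inventory):
    """Return backup blobs that are anonymously readable, largest first."""
    findings = []
    for acct in inventory:
        # The account-level switch, when False, overrides every container ACL.
        # A missing or null value is treated as "not disabled" to stay conservative.
        if acct.get("allowBlobPublicAccess") is False:
            continue
        for container in acct.get("containers", []):
            level = (container.get("publicAccess") or "").lower()
            if level not in ANONYMOUS_LEVELS:
                continue
            for blob in container.get("blobs", []):
                if is_backup(blob["name"]):
                    findings.append({"account": acct["account"],
                                     "container": container["name"],
                                     "blob": blob["name"],
                                     "size": blob.get("size", 0)})
    return sorted(findings, key=lambda f: f["size"], reverse=True)

if __name__ == "__main__":
    for f in find_exposed_backups(SAMPLE_INVENTORY):
        print(f"{f['account']}/{f['container']}/{f['blob']} ({f['size']} bytes)")
```

Run against a real inventory export on a schedule, a non-empty result is the signal to review the container's access level or disable anonymous access at the account level.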
👉 Read the original: Cyber Security News