Client Data at Ford, TD Bank Exposed by Attunity (Jun 28, 2019)
Attunity, a data integration and data management company, left client data files exposed on the internet, according to a June 27 report from UpGuard. The security issue stems from the misconfiguration of three Amazon S3 buckets used by Attunity, which the company has now secured. The incident involves two high-profile impacted clients, Ford and TD Bank, with exposed data related to internal business functions, as well as information technology architecture and solutions related to Attunity. Researchers at UpGuard stated that while the total size of the database is uncertain, “The researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups. Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more.”
Recommendation: Your company should have protocols in place to ensure that all cloud storage systems are properly configured and patched. Amazon S3 buckets are too often misconfigured, and threat actors realize there is potential for malicious activity if the buckets are targeted. A defense-in-depth approach (layering of security mechanisms, redundancy, fail-safe defense processes) is a good mitigation step to help defend against actors from highly active threat groups.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.