UpGuard researcher Chris Vickery discovered that Accenture, a large corporate consulting and management firm, left at least four Amazon Web Services S3 storage buckets configured for public access. These unsecured storage buckets were accessible to anyone who entered the buckets’ URLs into their browser and exposed 300 gigabytes of data including secret API data, certificates, decryption keys, plaintext passwords, and customer information. The NJCCIC recommends patrons of Accenture immediately change their passwords to this and any other sites that share login credentials and enable multi-factor authentication on any account that offers it. Additionally, the NJCCIC recommends organizations using a cloud storage solution to store sensitive data properly configure and regularly audit their security settings to maintain confidentiality of their data.

Data BreachNJCCICAccenture