Attunity Suffers ‘Keys-to-the-Kingdom’ Leak: TD Bank, Ford Exposed

Cloud service company Attunity has suffered a data leak. It left 1TB of files from companies like TD Bank and Ford exposed.

When cloud computing first became a thing, one of the many criticisms is the fact that data is now more vulnerable than ever before. That criticism has been proven right thanks to a data leak at Attunity. Files from companies such as TD Bank and Ford Motor company were exposed as a result.

From the Financial Post:

Attunity Ltd., a company that manages and safeguards data, left internal files exposed on the internet for clients including Ford Motor Co., and the Toronto-Dominion Bank, in the latest example of sensitive information being publicly accessible on the web.

The incident revealed passwords and network information about Attunity as well as emails and technology designs from some of its high-profile customers. Researchers at UpGuard Inc., a cybersecurity company, found more than a terabyte of data left unsecured by Attunity last month on Amazon Web Services cloud-computer servers, according to a report they published Thursday.

Attunity’s data buckets included files about Ford’s information-technology architecture and details on internal project plans. Documents attributed to TD Bank included invoices, agreements between the companies, and files about the type of technology solution Attunity was configuring for the bank. There was also log-in information for a database Attunity created when it was trying to sign Netflix Inc. as a client in 2015. Netflix downloaded a demo of an Attunity tool that could have helped the streaming company switch databases, but never became a customer, according to a Netflix spokeswoman.

The centrepiece was a large collection of Attunity files including administrative and employee passwords to various systems, extensive employee email backups, a roadmap to the company’s virtual network and personal information about Attunity’s employees. The widespread presence of login credentials swelled the potential harm of the data leak, according to UpGuard.

“It’s a category of data breach we refer to as a keys-to-the-kingdom exposure,” said Chris Vickery, director of cyber-risk research at UpGuard.

This latest security incident represents the first one we’ve been able to report on this month. Knowing what went on in previous months, this won’t be the last either.

Drew Wilson on Twitter: @icecube85 and Facebook.

1 Trackback or Pingback

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: