Amazon S3 Buckets Expose Data

Walden Systems New Amazon S3 Buckets Expose Data Rutherford NJ New Jersey NYC New York City North Bergen County
The Accordion system converts ordinary external HD into a NAS box and enables you to backup data using any usb based storage device whether it is RAID, SATA, ATA, IDE, SSD, or even CF-card. Accordion backup appliance is a self contained device that can utilize any external storage for backing up data. You can utilize existing excess storage on existing workstations or servers. You can use existing NAS storage or you can use any usb based storage device. Accordion is agnostic when it comes to where it backs up to or what technology is used for backup.

Three cloud storage buckets from data management company Attunity leaked more than a terabyte of data from its top Fortune 100 customers, including internal business documents, system passwords, sensitive employee information. Netflix, TD Bank, and Ford were only a few of the companies whose data was exposed by three leaky Amazon S3 buckets owned by Attunity.

Israel-based Attunity, which was acquired by Qlik in May and operates as a division under Qlik, replicates and migrates datasets so that they can be easily analyzed. The company is used by half of the Fortune 100 companies. Impacted customers whose files were discovered in the exposed datasets include Netflix, TD Bank and Ford.


Researchers at UpGuard found that publicly accessibly Amazon S3 buckets was leaking customers' internal business documents, backups of employees' emails, OneDrive accounts, and other sensitive data including email messages, system passwords and more. The storage buckets have since been secured. Researchers first discovered the three publicly accessible Amazon S3 buckets back in May. Attunity, which at that time had been acquired by Qlik, was notified the next day and the budgets were removed.

The total size of the three leaking buckets is not known, but researchers downloaded a terabyte of data, including 750 gigabytes of compressed email backups. To put this into perspective, the Oklahoma government file leak in January that exposed millions of records was three terabytes, the data of almost 200 million voters left exposed by a Republican Party-affiliated data broker in 2017 was 1.1 terabytes.

Due to the nature of Attunity's business and the huge volume of emails archives present it is hard to say how many customers are affected to one degree or another. Qlik is still in the process of conducting a thorough investigation into the issue and have engaged outside security firms to conduct independent security evaluations. Qlik spokesperson stated that Qlik is taking this seriously and are committed to concluding this investigation as soon as possible.

Accidental data exposure continues to be an issue affecting third-party companies. Insider initiated incidents account for 34 percent of data breaches, with many of these being accidental exposures as opposed to malicious. In May, IT services provider HCL Technologies inadvertently exposed passwords, sensitive project reports and other private data of thousands of customers and internal employees on various public HCL subdomains. In April, hundreds of millions of Facebook records were found in two separate publicly-exposed app datasets.

The events leading to the exposure of that data provides a useful lesson of a data leak scenario. Users' workstations may be secured against hackers, but other IT processes can copy and expose the data valued by hackers. When backups are exposed, they can contain data from system credentials to personally identifiable information. Data is not safe if misconfigurations and process errors expose that data to the public internet.