Attunity Data Leak Exposes Sensitive Files at Ford, TD Bank
Three unsecured Amazon S3 storage buckets compromised more than 1TB of data belonging to Attunity and its high-profile clients.
Data management firm Attunity exposed more than 1TB of sensitive data via three misconfigured Amazon S3 buckets, security firm UpGuard disclosed late last week. The mistake compromised Attunity’s internal corporate information as well as data of high-profile businesses, including Ford, TD Bank, and Netflix.
UpGuard researcher Chris Vickery found publicly accessible S3 storage buckets “attunity-it,” “attunity-patch,” and “attunity-support” on May 13, 2019. While the total amount of compromised data has not been confirmed, Vickery downloaded a sample of about 1TB, which included 750GB of compressed email backups, UpGuard reports.
“Attunity-it” held the bulk of sensitive data as well as the oldest files, which were uploaded in September 2014, though this doesn’t mean they have been publicly accessible since then. The newest files were uploaded days before the discovery. Attunity was notified of the exposure on May 16. Following complications related to time zone disparities and Attunity’s recent acquisitionby business intelligence company Qlik, public access to the buckets was removed on May 17, 2019.