
EY’s 4TB Data Leak on Azure Exposes Security Risks

A recent incident involving Ernst & Young (EY) serves as a crucial reminder that even leading organizations are susceptible to cloud security vulnerabilities. A massive 4TB SQL Server backup, belonging to EY, was discovered publicly accessible on Microsoft Azure. This data leak highlights a fundamental principle: cloud security relies heavily on proper configuration.
The exposed file, a .BAK format commonly used for SQL Server backups, presented a significant risk. It contained a wealth of potentially sensitive information. This included schemas, user data, and embedded secrets such as API keys and authentication tokens.

The discovery of the data leak was almost serendipitous. A simple HEAD request, intended to retrieve metadata without downloading the actual file, revealed its substantial size. Initial investigations yielded limited information regarding ownership, but persistent research uncovered merger documents related to a 2020 acquisition.

Tracing Ownership and Verifying the Leak

A DNS SOA record lookup ultimately linked the domain to ey.com, confirming EY’s involvement. Recognizing the potential legal ramifications, Neo Security only downloaded the initial 1,000 bytes of the file. This was sufficient to verify the presence of the unmistakable “magic bytes” signature characteristic of an unencrypted SQL Server backup.
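The low-impact verification described in the two passages above (a HEAD request for the size, then only the first 1,000 bytes to check the file signature) can be reproduced as a defensive check against an organization's own storage URLs. The following is an added example, not code from the article or from Neo Security; it assumes that a native SQL Server backup begins with the Microsoft Tape Format "TAPE" descriptor (the article does not quote the signature bytes), and the blob URL and 4 TB size in the offline fixture are constructed.

```python
import urllib.error
import urllib.request
from dataclasses import dataclass
from io import BytesIO
from typing import Optional
# MTF descriptor that native SQL Server .BAK files start with (assumed; not quoted by the article)
MTF_MAGIC = b"TAPE"
PROBE_BYTES = 1000  # same 1,000-byte sample the researchers limited themselves to
@dataclass
class Finding:
    url: str
    publicly_readable: bool
    size_bytes: Optional[int]
    looks_like_sql_backup: bool
def classify_sample(sample: bytes) -> bool:
    """True if the leading bytes carry the MTF 'TAPE' block signature."""
    return sample.startswith(MTF_MAGIC)
def probe(url: str, opener=None) -> Finding:
    """Anonymous HEAD for size, then a Range request for the first PROBE_BYTES only."""
    opener = opener or urllib.request.build_opener()  # no credentials: a 200 means public
    try:
        with opener.open(urllib.request.Request(url, method="HEAD"), timeout=10) as r:
            size = int(r.headers.get("Content-Length") or 0) or None
        rng = {"Range": f"bytes=0-{PROBE_BYTES - 1}"}
        with opener.open(urllib.request.Request(url, headers=rng), timeout=10) as r:
            sample = r.read(PROBE_BYTES)  # cap locally in case the server ignores Range
    except urllib.error.HTTPError as exc:
        if exc.code in (401, 403, 404):  # not anonymously readable
            return Finding(url, False, None, False)
        raise
    return Finding(url, True, size, classify_sample(sample))
class _Resp:
    def __init__(self, body, length):
        self.headers, self._body = {"Content-Length": str(length)}, BytesIO(body)
    def read(self, n=-1): return self._body.read(n)
    def __enter__(self): return self
    def __exit__(self, *exc): return False
class ConstructedOpener:
    """Offline stand-in for the storage account: one public 4 TB .BAK (constructed data)."""
    BLOBS = {"https://example.invalid/backups/prod.bak": (b"TAPE" + b"\0" * 996, 4 * 1024**4)}
    def open(self, req, timeout=None):
        if req.full_url not in self.BLOBS:
            raise urllib.error.HTTPError(req.full_url, 404, "Not Found", {}, None)
        body, length = self.BLOBS[req.full_url]
        return _Resp(b"" if req.get_method() == "HEAD" else body, length)
if __name__ == "__main__":
    for u in ("https://example.invalid/backups/prod.bak", "https://example.invalid/backups/x.bak"):
        print(probe(u, ConstructedOpener()))
```

Pass no opener to run it against a real URL; the HEAD metadata alone tells you whether a multi-terabyte object is reachable without credentials, and the signature check tells you what it is without pulling it down.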

The Stakes of Data Exposure

The implications were immediately apparent. Neo Security noted that a similar incident involving a fintech company resulted in a devastating breach, ransomware attack, and the company’s subsequent collapse. They opted for responsible disclosure, dedicating a weekend to contacting EY’s Computer Security Incident Response Team (CSIRT).

EY responded promptly and professionally to the notification. The issue was quickly triaged and remediated within a week. The firm’s mature handling of the situation is commendable, especially when compared to the defensiveness sometimes encountered in similar cases.

Cloud Security: A Double-Edged Sword

This incident underscores a critical point about cloud platforms like Azure. While offering scalability and flexibility, they also introduce potential vulnerabilities. A single misconfigured Access Control List (ACL) can inadvertently expose private storage to the public internet.

The Growing Threat Landscape

Automated Scanning and Data Exposure

Experts caution that the increasing sophistication of automated adversarial scanning means data exposures are inevitable. Sophisticated botnets can scan the entire IPv4 address space in a matter of minutes. This reality necessitates a proactive approach to cloud security.

Proactive Security Measures

Organizations need to implement continuous asset mapping and enhanced visibility tools. These measures are essential for discovering vulnerabilities before malicious actors exploit them.

This incident raises serious questions about oversight within rapidly evolving cloud infrastructures. This is particularly relevant for EY, a firm responsible for auditing billion-dollar deals and safeguarding critical financial data. It serves as a stark reminder that even well-resourced organizations are vulnerable to human error and misconfiguration.

The Path Forward: Vigilance and Rapid Response

The industry must learn from this experience. Cloud security needs to be integrated into the foundation of every deployment, not treated as an afterthought. As cloud complexity increases, vigilance, proactive security measures, and rapid incident response capabilities become even more critical.
