TD Bank and Ford Internal Files Exposed On the Internet

TD Bank and Ford are just a few of the companies whose data was exposed by three Amazon S3 cubes that belong to Attunity.

Three public cloud storage from Attunity leaked more than a terabyte of data of their Fortune 100 customers, including internal business documents, system passwords, and employee confidential information. Attunity, based in Israel, was acquired by Qlik in May and now acts as a division under Qlik.

To simplify the analysis, records are replicated and migrated. The company is used by more than two thousand commercial customers and half of the Fortune 100 companies: Affected customers whose files are in open records, including Netflix, TD Bank, and Ford.

Researchers with UpGuard have discovered a publicly available Amazon S3 bucket that filter customers’ internal business documents, employee email and OneDrive account backups, and other sensitive data, including emails, system passwords, etc. The bucket have been backed up.

The overall size of the leak is uncertain, but researchers have downloaded a sample of about a terabyte, including 750 GB of compressed email backups. According to them they found the most confidential data in the attunity-it file, which contained information since September 2014. Two more files were downloaded a few days before their discovery.

In the dataset, researchers found customer list, system credentials, and system information, including details of SAP systems for patent customers and attendance systems. In addition, a large amount of personal information of customers, employees (including human resources information, like payroll, etc.) was exposed.

“The risks to Attunity posed by exposing credentials, information, and communications, they are risks to the security of the data they process. While many of the files are years old, the bucket was still in use at the time detected and reported by UpGuard, with the most recent files having been modified within days of discovery,” said researchers in their Thursday disclosure of the leaked data.

The researchers first discovered three publicly available Amazon S3 buckets on May 13 (“attunity-it,” “immune patch,” and “support attitude”).

According to Qlik spokesman, “We are conducting a thorough investigation into this issue and have commissioned an external security company to conduct an independent security assessment.” We take this matter seriously and undertake to complete this investigation as soon as possible.”