Ernst & Young (EY), one of the world’s largest accounting firms, reportedly left a massive 4TB SQL database backup exposed online, containing highly sensitive company secrets and credentials accessible to anyone who knew where to find it.
The backup, in the form of a .BAK file, contained not only schema and stored procedures but also application secrets, API keys, session tokens, user credentials, cached authentication tokens, and service account passwords. Security researchers from Neo Security discovered this alarming exposure during routine tooling work, verifying that the file was indeed publicly accessible.
The researchers emphasized that an exposed database backup like this is equivalent to releasing the master blueprints and keys to a vault, noting that such exposure could lead to catastrophic consequences, including large-scale breaches and ransomware attacks. Due to legal and ethical concerns, the researchers did not download the backup in full, but they warned that any skilled threat actor could have already accessed the data, potentially leading to severe security fallout.
Upon discovering the issue, Neo Security promptly alerted EY, who were praised for their professional and prompt response; the company did not deflect, show defensiveness, or issue legal threats, but instead acknowledged the risk and began triaging the problem. Despite the quick engagement, EY took a full week to remediate the issue, which is considered a significant delay given the urgency and potential for malicious exploitation in such security incidents.
The breach highlights the dangers of misconfigured cloud storage and the need for organizations, especially those handling sensitive data, to rigorously audit and secure their backups and databases. The exposure of such a large database could have resulted in the theft of proprietary information, customer data, and even facilitated coordinated cyberattacks on EY and its clients.
Experts urge companies to assume that any publicly accessible database backup may have already been compromised, as even a brief window of exposure can be enough for malicious actors to exploit the data. The incident underscores the importance of robust security practices, regular audits, and rapid incident response protocols to minimize the risk and impact of data breaches.
This incident serves as a cautionary tale for organizations to take extra precautions in securing all forms of sensitive data, especially those stored in backups, and to act swiftly to remediate publicly exposed databases.