The Register
A Dutch cybersecurity outfit says its lead researcher recently stumbled upon a 4TB+ SQL Server backup file belonging to EY exposed to the web, effectively leaking the accounting and consulting megacorp's secrets.
Among the BAK file's data were API keys, cached authentication tokens, session tokens, service account passwords, and user credentials, Neo Security's writeup explained.
"Finding a 4TB SQL backup exposed to the public internet is like finding the master blueprint and the physical keys to a vault, just sitting there," it said. "With a note that says 'free to a good home.'
"[The lead researcher had] investigated breaches that started with less. Way less. He once traced an entire ransomware incident back to a single web.config file that leaked a connection string. That was 8 kilob
Bozeman Daily Chronicle
NBC News
ClickOrlando
Local News in Indiana
Local News in Georgia
Reuters US Top
America News
Daily Voice
The Daily Beast
Raw Story