In a prime example of companies that are supposed to be safeguarding information making it super-easy for hackers by basically leaving their back door unlocked, tech giant Accenture neglected to password protect four servers and exposed not only their private data, but the data of their customers to basically anyone who bothered to look. Accenture bills itself as a company that can help technology work for your company. Accenture boasts nearly 3/4 of the global Fortune 500 companies on their client list. So if you used an insurance company that had access to your private information and they used Accenture, it’s possible that someone who gained entry to Accenture’s unsecured servers could see your data.
The security experts at UpGuard discovered that a minimum of four cloud servers were not even secured with a password. That means anyone could have downloaded the information stored on them including passwords and customer information. This information could have been used to attack Accenture, companies that count on their services, and also the customers of those companies. UpGuard showed screenshots of some of the data they were able to see on the unsecured servers. As you can see below, they did obscure the private information that was exposed.
The gaping hole in security was discovered by UpGuard in mid-September. The immediately notified Accenture who put passwords on the servers the next day. You can read more on the details of the breach at UpGuard’s site by clicking here.
One thing to remember about cyber-security is that nearly all breaches come from mistakes on the part of the company that’s breached, not covert hackers lurking the shadows. Simple things like setting a password or running security updates are just ignored by people who are supposed to IT professionals. It’s very much the same with home users, most of us are done in by easily avoidable mistakes. Hackers don’t have to be clever, we just have to be careless.