Suspicious wording, if indeed "The four servers were quietly secured the next day.". Normally the PR response would have emphasised that e.g. "we took action immeiately and resolved the problem within 24 hours".
And as for "non-authorized IP address" - really? Is IP address whitelisting used to secure this stuff? And if so, then how on earth did an unauthorized IP address get through?
And then "the company downplayed the exposure, saying the data was less than half a percent of its cloud service" - but according to TFA that 0.5% included the master keys!?!
At the least, their public responses are feeble and imprecise.
Which leads to the suspicion that something darker happened.
This is why companies put authorized use only login banners on servers and network gear.
I don't know if they understand that password re-use is a thing. So it doesn't matter if the passwords are too old or not.
Still the response is nothing but a long line of excuses: the data was not client related, no PII data was leaked, passwords are old etc.
I think I'll take a break from HN to send an e-mail to some friends whose employers are Accenture customers and see if they've heard from 'em about this.
Maybe don't do that?
Also, the greater-than sign in their logo is amusing. I amused myself by looking at the picture while mentally inserting nouns. eg dog poop > Accenture
I am easily amused.
source: unfortunately I used to work there when they came up with the name.
There are many major companies in Accenture's client portfolio that this would expose, including health-care companies.
1) The story only just broke.
2) No actual breach seems to of occurred: We asked if anyone else had accessed the servers, the spokesperson said its logs showed access "by only a single non-authorized IP address which we traced back to a data security consultant who contacted us about about two weeks ago," referring to Vickery.
I might be wrong about this, but my understanding is that a decent black-hat hacker wouldn't have left many (if any) breadcrumbs because he had "the keys to the kingdom". It would be easy to erase change logs on the way out.
I might be cynical but Accenture is a big advertiser and main stream news sites generally don't want to piss off their source of income.
Also, there are so many sites now that Accenture couldn't be advertising on all of them, at least not significantly.
How does he do it?
S3 has a hostile interface which is missing many necessary features. AWS try to supplement this through 3rd party products (Cloudberry) and other paid services (Macie), instead of making a client that helps you know what's in your buckets and who can see them.