A major data breach involving Ernst & Young (EY), one of the world’s top accounting firms, has been revealed after a 4TB SQL Server backup file was publicly accessible on Microsoft Azure. Discovered by cybersecurity firm Neo Security during routine asset mapping, the exposed backup contained sensitive information such as database schemas, user data, and potentially embedded secrets like API keys and credentials.
The investigation found that the .BAK backup file was improperly configured, making it accessible to anyone with internet access. Neo Security's researchers identified the file through passive network traffic analysis, which revealed its large size. Further investigation linked the storage to EY via domain records, confirming the company’s involvement.
Only the first 1,000 bytes of the file were downloaded to verify its contents, revealing unencrypted, sensitive data. This incident echoes a previous breach where brief exposure of similar files led to data theft and ransomware attacks. With malicious bots scanning the internet rapidly, such exposures pose an ongoing threat.
EY responded quickly, working with its CSIRT to fix the vulnerability within a week. This case underscores the risks of cloud misconfiguration, especially in complex environments like Azure, where simple errors can expose vast amounts of critical data. Experts stress the importance of continuous security monitoring to prevent future leaks.
