A large 4TB SQL Server backup from Ernst & Young (EY) was found publicly available on Microsoft Azure, putting the company at risk of data exposure. This was discovered by Neo Security during a regular check to map assets, and they found a .BAK file that probably includes database structures, login details, and other private information.
The source was traced back to EY Italy, using DNS records connected to ey.com and documents from a merger that were in the file's metadata.
To avoid legal problems, researchers only downloaded a small part of the file—1,000 bytes—to confirm it was an unencrypted SQL backup. EY’s security team was informed through LinkedIn after several attempts to reach them, and they fixed the problem within a week.
EY said no client or secret data was affected, and the issue was limited to a company they had acquired.
Cybersecurity experts say that automated scans online can find such exposed files in just a few minutes, highlighting the importance of keeping a close eye on cloud environments and being ready to act quickly to stop future problems.
Related News