Attunity Ltd. exposes 750 GB of email backups due to misconfigured Amazon S3 buckets

• This exposed information includes the data from Ford Motor Co. and Toronto-Dominion Bank.
• These publicly accessible S3 buckets were named after the firm such as “attunity-it,” “attunity-patch” and “attunity-support”.

Israel-based data management firm Attunity Ltd. has exposed internal files of some of its clients on the web. This includes the data from Ford Motor Co. and Toronto-Dominion Bank.

What’s the matter?

According to a report from UpGuard Inc., a set of unsecured cloud storage buckets belonging to Attunity Ltd. had leaked a huge collection of internal business documents. The researchers had discovered three public accessible Amazon S3 buckets which contained about a terabyte of files, including 750 gigabytes of compressed email backups.

These publicly accessible S3 buckets were named after the firm such as “attunity-it,” “attunity-patch” and “attunity-support”. The ‘attunity-it’ S3 bucket was the oldest of all and contained sensitive files that dated back to September 2014.

What data was exposed?

The buckets contained a wide range of data that employees needed to perform their jobs. This included email correspondence, system passwords, sales and marketing contact information and project specifications.

Documents attributed to TD Bank included invoices, agreements, and files on the technology solution that Attunity was configuring for the bank. Attunity’s data buckets had also revealed Ford’s information-technology architecture and details on internal project plans.

The bottom line

So far, UpGuard has found no evidence if bad actors took advantage of the information when it was accessible online. Meanwhile, Attunity has removed the public access to the buckets the day after UpGuard informed the company about the breach in May.