All news with #hardcoded credentials tag

🔒 UpGuard discovered and secured a 1.7 TB publicly accessible storage repository that contained detailed documentation of telecommunications infrastructure across Russia, including schematics, administrative credentials, email archives and photographs. The dataset, hosted on an rsync server, appears to relate primarily to projects by Nokia and carrier MTS. Files included installation instructions and images for SORM interception hardware, raising significant operational and national-security risks. UpGuard notified Nokia and access was closed within days.

🔓 UpGuard disclosed that Accenture left four Amazon S3 buckets publicly accessible, exposing sensitive Accenture Cloud Platform data including API keys, certificates, plaintext passwords, and private keys. The buckets — labeled acp-deployment, acpcollector, acp-software, and acp-ssl — contained credentials, VPN keys, logs, and large database dumps that included client information. After discovery on September 17, 2017, UpGuard notified Accenture and the buckets were secured the following day. This incident underscores how misconfigured cloud storage can endanger both vendors and their customers.

🔒 An UpGuard researcher discovered three publicly accessible Amazon S3 buckets tied to Attunity (now part of Qlik) that contained a large collection of internal business documents and backups. The researcher sampled roughly one terabyte of data, including about 750 GB of compressed email backups, plus OneDrive backups, system credentials, private keys, and employee records. UpGuard notified the vendor on May 16, 2019, and public access to the buckets was removed the following day.

🔍 This report details UpGuard's review of publicly downloadable development repositories from data analytics firm AggregateIQ, which contained source code, WordPress backups, database exports, and credentials tied to multiple UK political sites. The exposed repositories appear to link AIQ to web assets for several pro-Brexit groups and campaigns. Sensitive items found include API tokens, payment keys, and admin accounts that, if abused, could grant access to live systems and supporter data. The report highlights misconfiguration and credential management failures with potential regulatory consequences under GDPR.