Scoop: Fujitsu spilled private client data, passwords into the open unnoticed for a year

It takes a special kind of stupid to export a LastPass vault and dump it into a public bucket along with a bunch of AWS keys. How do these people win critical government contracts again, please?

Among the data exposed in the Fujitsu breach.

Fujitsu spilled private AWS keys, client data and plaintext passwords out into the open, unnoticed, for nearly a year, according to a security researcher with the Dutch Institute for Vulnerability Disclosure.

Jelle Ursem told The Stack that the multinational had left a public Microsoft Azure storage bucket, full of private data, exposed to anyone who encountered it (as he did). The bucket, named “fjbackup”, included:

  • A full mailbox backup (thousands of emails) holding sensitive data.
  • Extensive details on client activity and teams.
  • A CSV file of passwords pulled from password manager LastPass.
  • Scores of Microsoft OneNote files “with everything you need to know” about customers including Centrica and Dutch water utility PWN, which serves 1.7 million customers, among many others.
