EY reportedly leaked a massive 4TB database online - exposing company secrets online for all to see

• EY exposed a 4TB SQL backup online containing sensitive credentials and application secrets
• Neo Security warned EY; researchers suspect threat actors may have already accessed the data
• EY responded professionally but took a week to fully remediate the issue

Ernst & Young (EY), one of the world’s biggest accounting companies, kept a complete database backup on the public internet, available to anyone who knew where to look. The backup, a .BAK file, was 4 TB in size, and contained sensitive information such as schema, data, stored procedures, and “every secret stored in those tables”.

This is according to a security researcher at Neo Security, who was doing “low-level tooling work” when an SQL Server BAK file caught his attention.

The researcher did not download the entire database (because that would be a felony), but claims these files usually contain “API keys, session tokens, user ...