Scoop: Fujitsu spilled private client data, passwords into the open unnoticed for a year

It takes a special kind of stupid to export a LastPass vault and dump it into a public bucket along with a bunch of AWS keys. How do these people win critical government contracts again, please?


Fujitsu spilled private AWS keys, client data and plaintext passwords out into the open, unnoticed, for nearly a year, according to a security researcher with the Dutch Institute for Vulnerability Disclosure.

Jelle Ursem told The Stack that the multinational had left a Microsoft Azure storage bucket full of private data publicly accessible to anyone who encountered it (as he did). The bucket, named “fjbackup”, included:

  • A full mailbox backup (thousands of emails) holding sensitive data
  • Extensive details on client activity and teams
  • A CSV file of passwords pulled from password manager LastPass
  • Scores of Microsoft OneNote files “with everything you need to know” about customers, including Centrica and Dutch water utility PWN, which serves 1.7 million customers, among many others