Fujitsu spilled private AWS keys, client data and plaintext passwords out into the open, unnoticed, for nearly a year according to a security researcher with the Dutch Institute for Vulnerability Disclosure.

Jelle Ursem told The Stack that the multinational had exposed a public Microsoft Azure storage bucket to anyone who encountered it (as he did) that was full of private data. The bucket, named “fjbackup” included:

  • A full mailbox backup (thousands of emails) holding sensitive data.
  • Extensive details on client activity and teams
  • A CSV file of passwords pulled from password manager LastPass
  • Scores of Microsoft OneNote files “with everything you need to know” about customers including Centrica and Dutch water utility PWN, which serves 1.7 million customers; among many others

Get the full story: Subscribe for free

Get the story, a weekly newsletter (you can turn that off if you want) and help us fight bots and feral algorithms. Subscribe today.

Subscribe now

Already a member? Sign in