Fujitsu spilled client data, passwords into the open

Scoop: Fujitsu spilled private client data, passwords into the open unnoticed for a year

It takes a special kind of stupid to export a LastPass vault and dump it into a public bucket along with a bunch of AWS keys. How do these people win critical government contracts again, please?

Catherine Sarisky

Mar 21, 2024 - 4 min read

Fujitsu spilled private AWS keys, client data and plaintext passwords out into the open, unnoticed, for nearly a year according to a security researcher with the Dutch Institute for Vulnerability Disclosure.

Jelle Ursem told The Stack that the multinational had exposed a public Microsoft Azure storage bucket to anyone who encountered it (as he did) that was full of private data. The bucket, named “fjbackup” included:

A full mailbox backup (thousands of emails) holding sensitive data.
Extensive details on client activity and teams
A CSV file of passwords pulled from password manager LastPass
Scores of Microsoft OneNote files “with everything you need to know” about customers including Centrica and Dutch water utility PWN, which serves 1.7 million customers; among many others

Get the full story: Subscribe for free

Get the story, a weekly newsletter (you can turn that off if you want) and help us fight bots and feral algorithms. Subscribe today.

Subscribe now

Already a member? Sign in