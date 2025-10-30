British multinational auditing and accounting firm EY had a 4 TB SQL Server backup file containing its corporate secrets leaked online for an undetermined amount of time, reports The Register

Included in the unsecured SQL Server backup file were API keys, session tokens, cached authentication tokens, user credentials, and service account passwords that could be leveraged by threat actors to facilitate damaging cyber intrusions, according to an analysis from Neo Security, which discovered the internet-exposed file.

EY was noted to have remediated the misconfigured cloud bucket within a week of being notified by Neo Security. Such an incident was noted by Neo Security researchers to be reminiscent of an unsecured cloud bucket-related ransomware attack that bankrupted the targeted organization. Organizations could have troves of data inadvertently exposed due to bucket name typos or a mistaken click while using cloud platforms.

"The tools are designed for convenience, not security. They assume you know what you're doing. They don't warn you that you just exported your entire customer database to a bucket that's readable by anyone on the internet," Neo Security added.