U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure

A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure. Cybersecurity firm Neo Security discovered a 4TB SQL Server backup belonging to accounting giant Ernst & Young (EY) publicly accessible on Microsoft Azure during a routine scan. Neo Security’s lead researcher identified a […]

EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure

A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure.

Cybersecurity firm Neo Security discovered a 4TB SQL Server backup belonging to accounting giant Ernst & Young (EY) publicly accessible on Microsoft Azure during a routine scan.

Neo Security’s lead researcher identified a 4TB publicly exposed file during passive network analysis. The file’s .BAK extension indicated a full SQL Server database backup, likely containing sensitive data such as schemas, user information, API keys, credentials, and authentication tokens.

“Neo Security’s lead researcher discovered the file while examining passive network traffic with low-level tools. A simple HEAD request designed to retrieve metadata without downloading content revealed a massive size: 4 terabytes of data, which is equivalent to millions of documents or the contents of an entire library.” reported Cybersecurity News.

Initial Azure Blob searches revealed no owner, but merger documents and a DNS SOA lookup linked the 4TB SQL Server backup to EY. Neo Security verified it was unencrypted by downloading just 1,000 bytes, confirming real risk based on past fintech breaches from brief .BAK exposures.

“Trying to confirm ownership can be hard. He started digging. Company name searches led to business merger documents. In a south-central European language. He fed them through DeepL. The translation revealed the company was acquired in 2020 by a larger entity, but the parent company name wasn’t immediately obvious.” reads the report published by Neo Security. “Then he ran an SOA record lookup. A “Start of Authority” DNS query, basically asking the internet’s phonebook “who’s really in charge of this domain?” The response came back pointing to an authoritative DNS server: ey.com.”

“This wasn’t some startup. This was Ernst & Young.” adds the report.

In a past incident, attackers exploited brief cloud exposure to steal PII and credentials. Neo Security responsibly disclosed EY’s 4TB backup, contacting EY’s CSIRT after 15 failed attempts.

EY quickly remediated the issue, confirming no client or confidential data was affected. Experts stress that automated scanning makes exposures inevitable, highlighting the need for continuous cloud visibility and leak detection tools.

Given modern automated scanning tools, the exposure meant that countless actors could have discovered it, so the concern wasn’t “if” someone found it, but “how many.”

The incident highlights two critical points:

  • Even a resource-rich organization like EY can accidentally leave massive, sensitive data exposed due to the complexity and speed of modern cloud environments.
  • In the era of automated scanning and botnets, exposures are extremely high-risk—continuous, automated monitoring and attack surface management are essential to detect and remediate leaks before malicious actors exploit them.

    Follow me on Twitter: @securityaffairs and Facebook and Mastodon

    Pierluigi Paganini

    (SecurityAffairs – hacking, Ernst & Young)