Enterprise Scale: How Public Storage Buckets Leaked Private Credentials

Enterprise data processing company, Hortonworks, part of a merger with Cloudera, experienced multiple misconfigured cloud storage buckets. Security analyst, UpGuard, found that among terabytes of publicly accessible files were multiple system credentials and internal developer data. Cloudera originally stated the issue had been resolved, but later discovered the issue to be more severe, finding its collaboration and automation system’s backup was publicly accessible, including developer usernames and encrypted passwords. It took 11 days to fully respond to the security concern.