Subj : EY reportedly leaked a massive 4TB database online - exposing com
To   : All
From : TechnologyDaily
Date : Thu Oct 30 2025 11:45:07

EY reportedly leaked a massive 4TB database online - exposing company secrets 
online for all to see

Date:
Thu, 30 Oct 2025 11:38:57 +0000

Description:
No one knows how long the EY database remained open.

FULL STORY
======================================================================EY 
exposed a 4TB SQL backup online containing sensitive credentials and 
application secrets Neo Security warned EY; researchers suspect threat actors 
may have already accessed the data EY responded professionally but took a 
week to fully remediate the issue 

Ernst & Young (EY), one of the worlds biggest accounting companies, kept a 
complete database backup on the public internet, available to anyone who knew 
where to look. The backup, a .BAK file, was 4 TB in size, and contained 
sensitive information such as schema, data, stored procedures, and every 
secret stored in those tables. 

This is according to a security researcher at Neo Security , who was doing 
low-level tooling work when an SQL Server BAK file caught his attention. 

The researcher did not download the entire database (because that would be a 
felony), but claims these files usually contain API keys, session tokens, 
user credentials, cached authentication tokens, service account passwords. 
Whatever the application stored in the database. Not just one secret... all 
the secrets. "Textbook perfect" response 

The researchers explained that the ramifications might have been enormous. A 
single BAK file, exposed for just a few minutes, was enough for a company to 
get breached and infected with ransomware. 

Finding a 4TB SQL backup exposed to the public internet is like finding the 
master blueprint and the physical keys to a vault, just sitting there. With a 
note that says "free to a good home.", they warned. 

As soon as their suspicions were confirmed, the researchers reached out to EY 
to warn them about the findings. They didnt know how long the database 
remained open for, and said that every responsible researcher should assume 
that by that time, multiple threat actors already stole it. 

Still, they praised EY for their response, saying the companys IT team was 
Textbook perfect. 

Professional acknowledgment. No defensiveness, no legal threats. Just: "Thank 
you. We're on it." 

Still, it took EY a full week to get the issue fully triaged and remediated - 
a lot of time for an issue in which every second matters. 

Via The Register 

 Follow TechRadar on Google News and add us as a preferred source to get our 
expert news, reviews, and opinion in your feeds. Make sure to click the 
Follow button! 

 And of course you can also follow TechRadar on TikTok for news, reviews, 
unboxings in video form, and get regular updates from us on WhatsApp too.



======================================================================
Link to news story:
https://www.techradar.com/pro/security/ey-reportedly-leaked-a-massive-4tb-data
base-online-exposing-company-secrets-online-for-all-to-see


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.