Attunity, a Qlik-owned data integration and big data management company whose solutions are used by over 2,000 enterprises and half of the Fortune 100 firms, exposed a significant amount of sensitive data through unprotected Amazon S3 buckets.
On May 13, a researcher at cyber resilience company UpGuard came across three unprotected AWS cloud storage buckets belonging to Attunity. An analysis revealed that the buckets had stored a vast amount of data — the exact size was not determined, but a one-terabyte sample was downloaded for analysis — including email backups, business documents, and employee OneDrive account backups containing emails, passwords, project specifications, and marketing and sales contact information.
The exposed buckets also stored customer-related information. Some examples provided by UpGuard include Netflix database authentication strings, an invoice for a TD Bank software update, and slides describing a project for car maker Ford.
In the exposed files, UpGuard also discovered credentials for Attunity systems and its corporate Twitter account, and employee personal information, including names, salary, date of birth, and employee ID numbers. Researchers determined that the employee IDs might actually be social security numbers.
The oldest files were uploaded to the storage buckets in September 2014 and the most recent were uploaded just days prior to UpGuard’s discovery. However, the cybersecurity firm says it’s unclear when these files actually became publicly accessible. UpGuard informed the vendor of its findings on May 16 and the exposed buckets were secured shortly after.
Qlik, which acquired Attunity earlier this year for $560 million, told SecurityWeek that Attunity customers deploy and operate the software directly in their own environments, and the company doesn’t actually store or host sensitive customer data.
“Following Qlik’s acquisition of Attunity in May, and upon becoming aware of the issue, Qlik applied its security standards and best practices to the Attunity environments, including monitoring by Qlik’s 24×7 security operations center,” Qlik said via email.
“We are still in the process of conducting a thorough investigation into the issue and have engaged outside security firms to conduct independent security evaluations. We take this matter seriously and are committed to concluding this investigation as soon as possible. At this point in the investigation, indications are that the only external access to data was by the security firm that contacted us,” the company added.
Related: Misconfigured Server Leaks Oklahoma Department of Securities Data
Related: Amazon S3 Bucket Exposed GoDaddy Server Information
Related: Data Aggregator LocalBlox Exposes 48 Million Records

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
Latest News
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
