Fujitsu spilled client data, passwords into the open

Scoop: Fujitsu spilled private client data, passwords into the open unnoticed for a year

It takes a special kind of stupid to export a LastPass vault and dump it into a public bucket along with a bunch of AWS keys. How do these people win critical government contracts again, please?

Edward Targett

Mar 21, 2024 - 4 min read

Fujitsu spilled private AWS keys, client data and plaintext passwords out into the open, unnoticed, for nearly a year according to a security researcher with the Dutch Institute for Vulnerability Disclosure.

Jelle Ursem told The Stack that the multinational had exposed a public Microsoft Azure storage bucket to anyone who encountered it (as he did) that was full of private data. The bucket, named “fjbackup” included:

A full mailbox backup (thousands of emails) holding sensitive data.
Extensive details on client activity and teams
A CSV file of passwords pulled from password manager LastPass
Scores of Microsoft OneNote files “with everything you need to know” about customers including Centrica and Dutch water utility PWN, which serves 1.7 million customers; among many others

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in