Ernst & Young (EY), one of the world’s Big Four accounting and professional services firms, was recently found hosting a publicly accessible 4-terabyte SQL Server backup on Microsoft Azure. The file, discovered by researchers at Dutch cybersecurity firm Neo Security, contained unencrypted data including API keys, user credentials, and authentication tokens.
The exposure was the result of a misconfigured storage container, a common issue in large cloud environments.
EY’s security team responded promptly after being contacted by the researchers, and the exposed file was secured within a week. No malicious activity has been confirmed, but the incident raises ongoing concerns about visibility and oversight in large-scale cloud environments.
As attack surfaces grow, organizations face rising pressure to detect and resolve these issues before automated scans or threat actors get there first.
Why It Matters: Cloud misconfigurations remain one of the most common sources of data exposure. Incidents like this reflect the complexity and scale of modern infrastructure. The EY case highlights how even temporary oversights can create serious security risks, and why automated discovery and proactive monitoring are critical to reducing exposure windows.
- 4TB SQL Server Backup Exposed Due to Misconfiguration: The unencrypted database backup was accessible via the public internet due to an Azure storage setting that left permissions open. The file was large enough to raise immediate concern during passive scanning by Neo Security.
- Neo Security Discovered the File During Routine Research: As part of its work in identifying digital exposure risks, Neo Security detected the file through an unusual HTTP response. File headers and naming conventions confirmed it was a live SQL Server backup.
- Backup Included Potentially Sensitive Credentials: Researchers did not download the file, but preliminary inspection showed indicators of high-risk content, such as API keys, session tokens, and service account information, assets that could be valuable to attackers if accessed.
- EY Responded Quickly After Responsible Disclosure: After DNS records were used to trace the storage to EY, researchers contacted the company through LinkedIn. EY’s security team handled the report professionally, took the findings seriously, and remediated the issue within days.
- A Broader Cloud Security Challenge: The incident reflects a common pain point in enterprise cloud operations: one misconfigured Access Control List (ACL) can expose large volumes of data. Cloud services prioritize ease of use, which can lead to significant security risks if oversight and automated safeguards aren’t in place.
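
The kind of automated check the points above call for, as an added example that is not from the original article, EY, or Neo Security: it walks a storage inventory and flags containers that allow anonymous reads, escalating those that hold backup-like files. `allowBlobPublicAccess` and `publicAccess` are Azure's own property names; the merged inventory shape, the `blobs`/`size` fields, the account names, and the suffix list are assumptions made for illustration.

```python
import json

# Constructed inventory: a hypothetical merge of `az storage account list`
# and `az storage container list` output. All names and sizes are made up.
INVENTORY = json.loads("""[
  {"name": "examplecorpbackups", "allowBlobPublicAccess": true,
   "containers": [
     {"name": "db-dumps", "properties": {"publicAccess": "container"},
      "blobs": [{"name": "prod_full.bak", "size": 4398046511104}]},
     {"name": "internal", "properties": {"publicAccess": null},
      "blobs": [{"name": "archive.bak", "size": 1048576}]}]},
  {"name": "examplecorpweb", "allowBlobPublicAccess": false,
   "containers": [
     {"name": "assets", "properties": {"publicAccess": "blob"},
      "blobs": [{"name": "logo.png", "size": 20480}]}]}
]""")

BACKUP_SUFFIXES = (".bak", ".bacpac", ".sql", ".dump")  # assumed naming conventions

def effective_public_level(account, container):
    """Return 'blob', 'container', or None for effective anonymous read access."""
    # The account-level switch overrides any container ACL. A missing value is
    # treated as "allowed" so that gaps in the inventory fail toward a finding.
    if account.get("allowBlobPublicAccess") is False:
        return None
    level = (container.get("properties") or {}).get("publicAccess")
    return level if level in ("blob", "container") else None

def audit(inventory):
    """List every anonymously readable container; backups make it critical."""
    findings = []
    for account in inventory:
        for container in account.get("containers", []):
            level = effective_public_level(account, container)
            if level is None:
                continue
            backups = [b for b in container.get("blobs", [])
                       if b["name"].lower().endswith(BACKUP_SUFFIXES)]
            findings.append({
                "account": account["name"], "container": container["name"],
                "level": level,
                "severity": "critical" if backups else "review",
                "backup_bytes": sum(b["size"] for b in backups),
            })
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Run on a schedule against a fresh inventory export, a check like this shortens the exposure window the article describes; the `assets` container is not reported because its account disables anonymous access regardless of the container setting.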
Go Deeper -> EY exposes 4TB+ SQL database to open internet for who knows how long – The Register
EY Data Exposure: 4TB SQL Server Backup Found Publicly Accessible on Azure – Cyber Press


