A Dutch cybersecurity firm, Neo Security, discovered a massive 4TB SQL Server backup file belonging to EY exposed on the open internet. The leaked data included sensitive information such as API keys, session tokens, user credentials, and service account passwords. The exposure stemmed from a cloud bucket misconfiguration, a common issue in cloud storage setups. Neo's lead researcher compared the find to discovering a vault's master blueprint left out in the open. The researcher, who remains unnamed, noted that he had seen breaches triggered by much smaller leaks, citing a past incident involving just 8 kilobytes of exposed data leading to a ransomware attack. He downloaded a small portion of the BAK file and confirmed it was unencrypted. The article highlights the ease with which sensitive data can be misconfigured and left exposed in modern cloud platforms. A wrong click or typo can inadvertently make private information publicly accessible. EY's database exposure raises serious concerns about data security practices within large corporations. While it's unclear how long the data was exposed, the potential for compromise is significant. The researcher had to reach out to EY's incident responders through LinkedIn, but the company's response was described as professional and effective, leading to a resolution within a week. The Register has sought further details from EY regarding the incident.