Sensitive data leaked by a hosting service provider
In the IT industry, data leaks are legion.
Most of them are often caused by server configuration errors caused by the person responsible for organizing all of this. That's pretty much what happened these days. 60 million customer records from a company that specializes in providing cloud-based application hosting services. This was laid bare in an article published by the media secure Thoughts. The discovery was the result of a collaboration with a computer security specialist named Jeremiah Fowler. A massive leak judged in relation to the amount of data that escaped the control of the responsible company, Cloud Clusters Inc. however, the company claims to have since secured the relevant data.
According to the information that is available in the article of the media, computer security made its discovery precisely on October 5. The database was available online without any protection. This allows anyone to be accessed. Several types of information could also be accessed. In particular, we talk:
– Data backups;
– Monitoring recordings;
– Newspapers of errors;
– User IDs;
– Passwords for Magento;
– WordPress and MySql accounts;
As a reminder, Magento is an e-commerce platform used to market services or products.
According to the specialists, no hacking was necessary to access the information available on the database. In other words, the 63.7 million record. Which can be called a goldmine for cyber criminals if they ever could discover this. Several websites and e-commerce accounts are threatened. The problem with this story is that even the specialists do not know how long this information has been so exposed. This means that the host's customers are actually in a risky situation.
Indeed, after the discovery of the exhibition, the computer security researcher immediately informed the company in charge of this information. Even after receiving the receipt that said, "Thank you for reporting problems to improve the security of the website. We also take data security very seriously."The company did not immediately respond. And according to the researcher, it is not certain that the authorities and customers have been informed of this leak.
Regarding sensitivity, the information exposed Fowler noted: "Newspapers can expose a wide range of data, such as connections, connection failures and other critical transactions. This is an important problem that many companies face and, in most cases, they don't even realize that their error monitoring or logging systems expose data until it's too late (…) Almost all systems generate a certain type of logging and it is important to make sure everything is working properly and keep track of events. It is essential that data security or protection policies include a plan to monitor and review messages from these logs. Thus, if newspapers expose sensitive data, steps can be taken to treat them as a high-risk asset," the report says.
In total, the report states: 63,747,966 records with the following data:
– Users' email addresses;
– The passwords of several services; (Magento, WordPress, MySQL);
– A customer panel;
– Connection paths;
Employee login data;
– Evidence of the Meow bot attack;
– Compilation information;
All the information can enable hackers to initiate different types of computer attacks against multiple websites.
"A data breach or security incident is a nightmare for any business or organization, but it's even worse if you're a company that provides data hosting services. Customers and consumers can only take a number of data protection precautions and ultimately have to trust their data storage provider," notes Jeremiah Fowler.
"Cybercriminals are increasingly creative in targeting their victims to commit malware identity theft or phishing campaigns. Businesses need to do more to protect their users from online threats and use all the tools they need to ensure the best online privacy. This includes securing log and monitoring records that can expose sensitive data," concludes the researcher.
Now access an unlimited number of passwords: