Cloud network-as-a-service provider Zenlayer has exposed almost 385m customer records as a result of a poorly protected cloud database.
The flaw has been exposed by security researcher Jeremiah Fowler, who is co-founder of Security Discovery. In a post carried on Website Planet [https://www.websiteplanet.com/news/zenlayer-breach-report/], he said: “I immediately sent a responsible disclosure notice [to Zenlayer], and, although I never received a reply, public access [to the database] was secured the following day.”
He added, however: “Without a formal reply it is not known if the database was managed directly by Zenlayer or a third party. It is also not known how long the database was exposed or who else may have gained access to it, as only an internal audit could ascertain that information.”
Zenlayer offers SD-WANs (software-defined WANs), a CDN (content delivery network), edge connectivity, and other cloud services to service providers and enterprises globally. Last year, it was awarded an Amazon Web Services Partner of the Year gong.
Zenlayer hasn’t, so far, publicly commented on the cloud leak. Its network and customer reach is extensive: it is headquartered in Los Angeles and Shanghai, with offices in Mumbai, Singapore, Hong Kong, Beijing, and Shenzhen, and it is connected through over 290 data centres across six continents.
Fowler said of the seriousness of the leak: “The database contained a considerable number of server, error, and monitoring logs that detailed internal information and customer data. Server logs are records that capture information about various events and activities that occur on a computer system or network.
“These logs are essential for monitoring and troubleshooting server performance, diagnosing issues, and ensuring the security of the system. While server logs are crucial for system management and security, they can potentially disclose sensitive data if they are publicly exposed.”
He added: “Any data exposure of customer information poses a potential threat to the confidentiality and privacy of clients. Information such as names and emails of authorised individuals, billing administrators, or account representatives could be potentially useful for targeted phishing attacks or other forms of fraudulent activities.
“For instance, some of the records in the exposed database indicated the name of what appeared to be the dedicated salesperson within Zenlayer assigned to each specific account. Hypothetically, in a social engineering or phishing attack, a cyber criminal could contact the customer posing as the Zenlayer salesperson and ask for payment or banking information.”