A security research was scouring the dark and other webs recently and came across a 57GB file that had over 380 million records in it.  With a little deducation, he concluded it belonged to Zenlayer, a global network services provider playing in the SD-WAN, CDN, and other network spaces.  They have nearly 300 datacenters in six continents.

And their back office was just cracked open:

What’s truly alarming is that this treasure trove of data wasn’t safeguarded by even a basic password. It was out there in the open, accessible to anyone, including those with malicious intent. Essentially, it was a “come and take it, no questions asked” scenario, leaving the door wide open for potential exploitation by threat actors.

Ouch.

The danger with this kind of information is manyfold:

• Further Hacks: The more info an attacker has, the easier it is to leverage more attacks.  In this case, the hacker knows customer info, what services they have and where, etc.
• Impersonation: A social engineer can contact these customers and effectively impersonate a Zenlayer employee.  “Please verify your bank information”, “your payment didn’t go through, can we process another way,” etc.
• Sale of Personal Info: Easy to monetize millions of people’s info if it contains things like name, address, phone number, date of birth, etc.

Zenlayer commented:

We’re aware of the data exposure, have patched the issue, and are engaged with the researcher who originally discovered the data leak. We’ll provide additional information when the investigation is complete.

Full story on HackRead.

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• Artificial Intelligence Wants Lower Pricing on LowEndBox’s Black Friday - November 26, 2024
• Cheater Pants! Some Providers are Posting Black Friday Deals Early…and You’ll Love Them - November 25, 2024
• LowEndBoxTV: AMD Shootout: Ryzen vs. Epyc – Which is Right For You? - November 24, 2024