A security research was scouring the dark and other webs recently and came across a 57GB file that had over 380 million records in it. With a little deducation, he concluded it belonged to Zenlayer, a global network services provider playing in the SD-WAN, CDN, and other network spaces. They have nearly 300 datacenters in six continents.
And their back office was just cracked open:
What’s truly alarming is that this treasure trove of data wasn’t safeguarded by even a basic password. It was out there in the open, accessible to anyone, including those with malicious intent. Essentially, it was a “come and take it, no questions asked” scenario, leaving the door wide open for potential exploitation by threat actors.
Ouch.
The danger with this kind of information is manyfold:
- Further Hacks: The more info an attacker has, the easier it is to leverage more attacks. In this case, the hacker knows customer info, what services they have and where, etc.
- Impersonation: A social engineer can contact these customers and effectively impersonate a Zenlayer employee. “Please verify your bank information”, “your payment didn’t go through, can we process another way,” etc.
- Sale of Personal Info: Easy to monetize millions of people’s info if it contains things like name, address, phone number, date of birth, etc.
Zenlayer commented:
We’re aware of the data exposure, have patched the issue, and are engaged with the researcher who originally discovered the data leak. We’ll provide additional information when the investigation is complete.
Full story on HackRead.
- Cheater Pants! Some Providers are Posting Black Friday Deals Early…and You’ll Love Them - November 25, 2024
- LowEndBoxTV: AMD Shootout: Ryzen vs. Epyc – Which is Right For You? - November 24, 2024
- Early Black Friday Offer: VersaWeb has a Dedi Deal in Las Vegas, Dallas, and Miami! - November 23, 2024
Leave a Reply