On October 5th, Jeremiah Fowler, a security research expert for SecureThoughts.com, discovered a non-password protected database belonging to the Texas-based cloud application hosting provider, Cloud Clusters, Inc. It is still unclear if Cloud Clusters Inc has notified customers or authorities regarding the exposure. According to the CloudClusters website, “Cloud Clusters Inc provides fully managed open-source application services on Kubernetes cloud.”
The database contained a large volume of monitoring and system logs, including records of data backups, monitoring checks, error logging, and more. It also held username and password credentials for Magento, WordPress, and MySQL accounts, all stored in plain text.
In total there were 63.7 million publicly accessible records.
“An exposure of login details could have potentially put these accounts and shoppers [of eCommerce platforms] at risk,” according to Fowler. He goes on to say that those affected by the Cloud Clusters leak could potentially be “targeted by social engineering or spear phishing attempts using the exposed emails and credentials.”
Multiple records in the database referenced several companies operating under the Cloud Clusters umbrella. The footer of the Cloud Clusters homepage lists different variants of the “clusters” name. It is difficult to know how many of those services were affected, but Fowler saw several CloudClusters variants among the records.
A data breach or security incident is bad under any circumstances, but it is worse for a company that provides data hosting services, because website operators must be able to trust their storage provider. The danger of exposed logging and monitoring data is often overlooked: logs routinely capture credentials and other sensitive data, so they must be protected as a high-risk asset rather than treated as disposable diagnostic output. With cybercriminals becoming more creative in targeting victims, the public must be more aware of the risks of identity theft, malware, and phishing campaigns.
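Since the exposed records included Magento, WordPress and MySQL credentials written into monitoring logs in plain text, the practical control is twofold: keep secrets out of log lines before they are written, and scan logs that already exist for secrets that got in. The Python below is an added example written for this page, not code from Cloud Clusters or SecureThoughts. The log lines are constructed for illustration, and the leak shapes it looks for (a MySQL `-p` flag on the command line, `user:pass@host` connection URLs, a PHP `define('DB_PASSWORD', ...)` line, and `password=` style pairs) are assumptions about common patterns, not patterns taken from the exposed database.

```python
import logging
import re

# Assumed leak shapes (illustrative, not derived from the Cloud Clusters records).
# Each entry is (compiled pattern, replacement). Groups that are kept preserve the
# surrounding context so the redacted line still reads sensibly.
SECRET_PATTERNS = [
    # key=value / key: value pairs such as password=..., DB_PASSWORD=..., api_key=...
    (re.compile(r"""(?i)(\w*(?:password|passwd|pwd|secret|token|api[_-]?key))(\s*[=:]\s*)(['"]?)([^'"\s,;&]+)(\3)"""),
     r"\1\2\3[REDACTED]\5"),
    # MySQL CLI style "-pS3cret" (password glued to the flag, so it lands in process and backup logs)
    (re.compile(r"(\s-p)([^\s-]\S*)"), r"\1[REDACTED]"),
    # Connection URLs: mysql://user:pass@host, redis://:pass@host, ...
    (re.compile(r"(\w+://[^:/\s]*:)([^@\s]+)(@)"), r"\1[REDACTED]\3"),
    # WordPress wp-config.php lines echoed into a log
    (re.compile(r"""(define\(\s*['"]DB_PASSWORD['"]\s*,\s*['"])([^'"]*)(['"])"""), r"\1[REDACTED]\3"),
]


def redact(line: str) -> str:
    """Return the line with every recognised secret replaced by [REDACTED]."""
    for pattern, replacement in SECRET_PATTERNS:
        line = pattern.sub(replacement, line)
    return line


class SecretRedactingFilter(logging.Filter):
    """Logging filter that scrubs secrets from a record before any handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message first so secrets passed as %-args are caught too.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True  # never drop the record, only clean it


class ListHandler(logging.Handler):
    """In-memory handler so the demo (and the test) can inspect what would be written."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def log_through_filter(messages: list[str]) -> list[str]:
    """Log each message through a handler guarded by SecretRedactingFilter; return the output."""
    logger = logging.getLogger("cloudclusters.demo")  # hypothetical logger name
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = ListHandler()
    handler.addFilter(SecretRedactingFilter())
    logger.addHandler(handler)
    try:
        for msg in messages:
            logger.info("%s", msg)
    finally:
        logger.removeHandler(handler)
    return handler.lines


def find_plaintext_credentials(lines: list[str]) -> list[tuple[int, str]]:
    """Scan existing log lines; return (line number, redacted line) for each line holding a secret."""
    hits = []
    for number, line in enumerate(lines, start=1):
        cleaned = redact(line)
        if cleaned != line:
            hits.append((number, cleaned))
    return hits


# Constructed sample log lines (not real Cloud Clusters data).
SAMPLE_LOG = [
    "2020-10-05T02:14:07Z backup-agent INFO starting dump: mysql -u magento -pHunter2! --all-databases",
    "2020-10-05T02:14:09Z wp-monitor DEBUG read config: define('DB_PASSWORD', 'wpS3cret');",
    "2020-10-05T02:14:12Z orchestrator INFO DSN=mysql://root:RootPw@10.0.0.7:3306/shop",
    "2020-10-05T02:14:15Z health INFO pod magento-0 ready, disk 71%",
    "2020-10-05T02:14:20Z auth WARN login failed for admin, password=tryAgain123 from 203.0.113.5",
]

if __name__ == "__main__":
    for number, cleaned in find_plaintext_credentials(SAMPLE_LOG):
        print(f"line {number} contained a secret -> {cleaned}")
    for written in log_through_filter(SAMPLE_LOG):
        print("would write:", written)
```

The filter is attached to the handler rather than the logger so that it also covers records propagated from child loggers; the scanner reuses the same patterns, so anything the filter would have caught at write time is what an audit of old logs reports. Pattern-based redaction is a safety net, not a substitute for not passing secrets to the logger in the first place, and any line it flags in an exposed log should be treated as a credential that needs rotating.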
If you suspect you are affected by this data breach or any other security breach, change all admin credentials immediately, and rotate any database passwords that may have appeared in the exposed logs, since the MySQL credentials were stored in plain text. It would also be wise to tell customers to change passwords or other details that may have been captured in the leaked monitoring logs.
A total summation of what the database contained and more details on this story can be seen at SecureThoughts.com.