Top global network service provider apparently leaks hundreds of millions of user accounts
Unprotected database found sitting on the internet
A top global network service provider kept a database with sensitive internal and customer information unlocked on the internet, available to anyone who knew where to look.
The breach was discovered by cybersecurity researcher Jeremiah Fowler, who reported it to its operator, who subsequently locked it down.
The company in question is Zenlayer, a global network services provider with more than 290 data centers across the world, and offices in Mumbai, Singapore, Hong Kong, and elsewhere.
Valuable data for hackers
Fowler found a non-password protected database with 380 million records, including Zenlayer internal data and customer information. The database, Fowler says, contained a “considerable number” of server, error, and monitoring logs, “that detailed internal information and customer data”.
Among the database’s files were folders with logging records labeled as “application”, “dashboard”, “vendor”, “notification”, “messaging”, “project management”, “workflow”, and “security”.
In one instance, Fowler found a name of a person that might be a dedicated salesperson within Zenlayer, assigned to specific accounts. In another, he found customer records of a company “described as a leading provider of international capacity for telecom carriers in Russia”. He also saw registration and filing documents which suggested the company was owned, in part, by a Russian state-controlled entity that was sanctioned by the West.
He also saw logs indicating VPN records and numerous IP addresses which, Fowler speculates, could be used by threat actors to map the network, identify potential targets, and plan for a future cyberattack.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
While Zenlayer locked the database down as soon as Fowler reached out, the company never got back to him with any details. At press time, we didn’t know just how long the database went unprotected, or if anyone, potentially a malicious player, accessed it before. We also don’t know how many people, or organizations, could be affected by this misconfiguration. We have reached out to Zenlayer with a few questions and will update the article if we get a reply.
February 15, 2024 - Shortly after publishing the article, a Zenlayer spokesperson replied with the following statement:
"We’re aware of the data exposure, have patched the issue, and are engaged with the researcher that originally discovered the data leak. We’ll provide additional information when the investigation is complete."
More from TechRadar Pro
- Major data breach exposes database of 200 million users
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.