On October 5th, security researcher Jeremiah Fowler found a non-password-protected database containing a large volume of monitoring and system logs. The database included records indicating data backups, monitoring, error logging, and more. According to Fowler’s research, the database belongs to Cloud Clusters, a Texas-based cloud application hosting provider with four data center locations: Bend, Oregon; Charlotte, North Carolina; Denver, Colorado; and Dallas, Texas.
63.7 million records have been exposed
The database contained client panel and employee login paths, data, IP addresses, ports, pathways, and storage information, all of it open and visible in any browser. Anyone could edit, download, or even delete data without administrative credentials. In short, these records were publicly accessible, and no hacking was necessary to view the 63.7 million records.
Fowler gave details about the database, saying,
“Emails and passwords in plain text are a potential nightmare waiting to happen. I saw user/password credentials for Magento, WordPress accounts, and MySQL. Magento is an eCommerce platform used to sell products or services, and WordPress is a website management system written in PHP. An exposure of login details could have potentially put these accounts and shoppers at risk. Cloud Clusters Inc’s customers could have been targeted by social engineering or spear phishing attempts using the exposed emails and credentials.”
Jeremiah Fowler immediately sent a responsible disclosure notice of his findings to the company. After a second follow-up email on October 13th, the company replied to his message, saying, “Thanks for pointing out the problems to enhance website security. We also take data security very seriously.” Fowler commented on this reply, “It is unclear if Cloud Clusters had notified customers or authorities regarding the exposure.”
It is unclear how long these records were exposed or who else may have had access to the data. As a cybersecurity researcher, Fowler said that all administrative credentials should be changed immediately after any security breach.
The reason is insufficient log monitoring
While most companies focus on protecting their core assets, insufficient log monitoring can expose sensitive internal data. Logs can reveal a wide range of data, such as logins, failed logins, and other critical transactions. To avoid a data breach or security incident, security and data protection policies must include a plan to monitor and review the messages that logs produce.
Clients and customers are responsible for taking precautions against data breaches, but companies also must protect their users from online threats through data protection plans that include securing logging and monitoring records.
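As an added example (not code from the article or from Cloud Clusters), a small Python scanner that runs over constructed log lines, flags the kinds of plaintext credentials the article describes (panel passwords, MySQL connection strings, HTTP basic auth headers) and redacts them before the lines reach any shared log store; the sample log lines and the pattern set are assumptions.

```python
import re

# Constructed sample log lines (not from the exposed database): a mix of
# benign entries and entries that leak credentials in plaintext.
SAMPLE_LOG = """\
Oct 05 02:11:09 INFO backup job=nightly status=ok size=4.2G
Oct 05 02:11:10 INFO magento login user=shop_admin password=Winter2020!
Oct 05 02:11:12 WARN wordpress failed login user=editor ip=203.0.113.7
Oct 05 02:11:13 ERROR mysql connect mysql://root:s3cr3t@10.0.0.5:3306/store
Oct 05 02:11:14 INFO api call Authorization: Basic YWRtaW46aHVudGVyMg==
Oct 05 02:11:15 INFO healthcheck ok
"""

# (name, pattern, replacement). Each pattern keeps the non-secret prefix in
# group 1 so the redacted line still shows what kind of value was removed.
SECRET_PATTERNS = [
    ("password_kv", re.compile(r"(?i)\b(password|passwd|pwd)=\S+"), r"\1=[REDACTED]"),
    ("db_uri_creds", re.compile(r"(?i)\b([a-z]+://[^:/\s]+):[^@\s]+@"), r"\1:[REDACTED]@"),
    ("basic_auth", re.compile(r"(Authorization:\s*Basic)\s+[A-Za-z0-9+/=]+", re.I),
     r"\1 [REDACTED]"),
]


def redact_line(line):
    """Return (redacted_line, names of the secret patterns that matched)."""
    hits = []
    for name, pattern, replacement in SECRET_PATTERNS:
        if pattern.search(line):
            hits.append(name)
            line = pattern.sub(replacement, line)
    return line, hits


def scan_log(text):
    """Redact a whole log text line by line and count hits per pattern.

    Any non-zero count is itself a finding: a credential reached the logging
    pipeline in plaintext and the application emitting it needs fixing, not
    just the log store it was heading for.
    """
    counts = {}
    clean = []
    for raw in text.splitlines():
        redacted, hits = redact_line(raw)
        clean.append(redacted)
        for name in hits:
            counts[name] = counts.get(name, 0) + 1
    return clean, counts


if __name__ == "__main__":
    lines, found = scan_log(SAMPLE_LOG)
    print("\n".join(lines))
    print("plaintext credential hits:", found)
```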