
[Exposé] Massive Cloud Database Leak Exposes 380 Million Records

亏了 posted on 2024-2-19 22:44:47

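The following is a machine translation.

The researcher who discovered the database leak suspects that it belongs to Zenlayer, an on-demand cloud server provider. However, because the company has not provided any response or confirmation, uncertainty remains.

Update: 20:44 GMT, February 14, 2024 - article updated with a statement from a Zenlayer spokesperson.

We are aware of the data exposure, have fixed the issue, and have been in contact with the researcher who originally discovered it. We will provide more information once the investigation is complete.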

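Cybersecurity researcher Jeremiah Fowler stumbled upon something very worrying: a cloud database leak, allegedly belonging to the global network service provider Zenlayer, that was unprotected and misconfigured. Even more shocking is the sheer volume of sensitive data it contained: a staggering 380 million records.

384,658,212 records – 57.46 GB database

After digging further into the server, the analysis revealed a disturbing fact. The leaked information was not limited to mundane details; it included the company's internal workings and, more worryingly, customer data. In total, a jaw-dropping 384,658,212 records, totaling 57.46 GB, were exposed to the public.

What is truly worrying is that this trove of data was not protected by even a basic password. It was public and accessible to anyone, including those with malicious intent. In essence, it was a "come and go, no questions asked" scenario, leaving the door wide open to potential exploitation by threat actors.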

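Large Number of Records Leaked

In this database, a large number of server, error, and monitoring logs recording internal operations and customer activity were found. Although these logs play a vital role in monitoring server performance, troubleshooting, and ensuring system security, they also pose a potential threat.

For your information, Zenlayer is a global network service provider that offers SD-WAN, CDN, and cloud services to global brands in the telecom, gaming, media, entertainment, cloud computing, and blockchain industries. Headquartered in Los Angeles and Shanghai, the company has more than 290 data centers across six continents. In 2021, the Financial Times ranked it third on its list of America's fastest-growing telecom companies.

Exposing these logs to the public could leak sensitive information. What should be a tool for improving operational efficiency and guarding against potential threats can quickly become a liability if it is mishandled or accessed by unauthorized individuals.

The server also contained logging records for various applications, dashboards, vendors, notifications, and security. The exposed customer data, including the names and emails of authorized individuals, could be used for targeted phishing attacks or fraudulent activity. For example, an attacker might impersonate a Zenlayer salesperson and ask for payment or banking information.

In addition, the database exposure not only exposed sensitive information such as user roles, but also disclosed internal email addresses. This data could be invaluable to cybercriminals, facilitating scams and social engineering attacks.

With access to these emails, malicious actors could run phishing campaigns targeting employees, potentially leading to the disclosure of confidential data, the installation of malware, and the compromise of credentials.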

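Massive Cloud Database Leak Exposes 380 Records

Russian Data

Fowler's blog post on Website Planet shows that some of the records were data from a Russian telecom carrier, partly owned by a sanctioned state-controlled company, that has been accused of involvement in internet traffic hijacking, or BGP (Border Gateway Protocol) hijacking, in which attackers can intercept, inspect, or modify network traffic.

However, Fowler clarified that he was not claiming that a Zenlayer customer was involved in the BGP hijacking incidents.

Fowler also found logs containing **扶强** records and many IP addresses, including controller host IP, controller IP, IP LAN, jumper IP, and PXE IPMI. These IPs could reveal the organization's internal network architecture, potentially enabling attackers to map the network, identify targets, or plan future cyberattacks.

Nevertheless, public access was secured the day after Fowler notified Zenlayer. It is unclear whether the database was managed by Zenlayer or a third party, how long it was exposed, and who else may have gained access.

Fortunately, thanks to Fowler's timely and responsible disclosure, the administrators managed to secure the exposed database within a day. Despite this swift action, the company did not acknowledge or respond to the researcher's efforts. Therefore, uncertainty remains as to whether the database was managed directly by Zenlayer or handled by a third party.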
Original poster | 亏了 posted on 2024-2-19 22:45:26
The original text follows:

The researcher who discovered the database leak suspects it belongs to Zenlayer, an on-demand cloud server provider. However, uncertainty persists as the company has not provided any response or confirmation.
Update: 20:44, Feb 14, 2024, GMT – Article updated with statement from Zenlayer spokesperson.

We’re aware of the data exposure, have patched the issue, and are engaged with the researcher who originally discovered the data leak. We’ll provide additional information when the investigation is complete.
Jeremiah Fowler, a cybersecurity researcher, stumbled upon something quite alarming: a cloud database leak allegedly belonging to the global network service provider Zenlayer, left unprotected and misconfigured. What’s even more shocking is the sheer volume of sensitive data it contained: a staggering 380 million records.

384,658,212 records – 57.46 GB of Database
Upon further digging into the server, the analysis revealed a disturbing truth. The leaked information wasn’t just limited to mundane details; it encompassed the company’s internal workings and, even more concerning, customer data. In total, a jaw-dropping 384,658,212 records, totaling 57.46 GB, were laid bare for all to see.
What’s truly alarming is that this treasure trove of data wasn’t safeguarded by even a basic password. It was out there in the open, accessible to anyone, including those with malicious intent. Essentially, it was a “come and take it, no questions asked” scenario, leaving the door wide open for potential exploitation by threat actors.
Trove of Records Leaked
Within this database, numerous servers, error, and monitoring logs were found documenting both internal operations and customer activities. While these logs play a vital role in monitoring server performance, troubleshooting issues, and ensuring system security, they also carry a potential threat.
For your information, Zenlayer is a global network services provider offering SD-WAN, CDN, and cloud services to global brands in the telecom, gaming, media, entertainment, cloud computing, and blockchain sectors. Headquartered in Los Angeles and Shanghai, it has over 290 data centres across six continents. In 2021, Financial Times ranked it third on America’s Fastest Growing Telecom Companies list.
Exposing these logs to the public eye could disclose sensitive information. What was meant to be a tool for enhancing operational efficiency and safeguarding against potential threats could quickly turn into a liability if mishandled or accessed by unauthorized individuals.
The server also contained logging records for various applications, dashboards, vendors, notifications, and security. The exposed customer data, including names and emails of authorized individuals, could be used for targeted phishing attacks or fraudulent activities. For example, attackers may pose as a Zenlayer salesperson and ask for payment or banking information.
Additionally, the database exposure not only exposed sensitive information like user roles but also disclosed internal email addresses. This data could prove invaluable for cybercriminals, facilitating scams and social engineering attacks.

With access to these emails, malicious actors could carry out phishing campaigns targeting employees, potentially leading to the disclosure of confidential data, the installation of malware, and the compromise of credentials.
Massive Cloud Database Leak Exposes 380 Records
Russian Data
Fowler’s blog post on Website Planet reveals that part of the records was data of a Russian telecom carrier company, partially owned by a sanctioned state-controlled company, accused of involvement in internet traffic hijacking, or BGP (Border Gateway Protocol) hijacking, which allows attackers to intercept, inspect, or modify network traffic.
However, Fowler clarified that he wasn’t claiming that a Zenlayer customer was involved in the BGP hijacking.
Fowler also discovered logs containing **扶强** records and numerous IP addresses, including controller host IP, controller IP, IP LAN, jumper IP, and PXE IPMI. These IPs may reveal the organization’s internal network architecture, potentially allowing attackers to map the network, identify targets, or plan future cyberattacks.
Nevertheless, public access was secured the day after Fowler notified Zenlayer. It is unknown if the database was being managed by Zenlayer or a third party, how long it was exposed, and who else may have gained access.
Fortunately, thanks to Fowler’s prompt responsible disclosure, the administrators managed to secure the exposed database within a day. Despite this swift action, the company failed to acknowledge or respond to the researcher’s efforts. Therefore, there remains uncertainty regarding whether the database was under Zenlayer’s direct management or handled by a third party.


