Cloud Security, Security Operations

Exposed Database at Network Services Firm Included Server Log Details

A global data center provider exposed an internal database accessible on the internet, revealing approximately 384 million records.
Researcher Jeremiah Fowler of security services firm Security Discovery reported the flaw in Los Angeles.
Fowler said the database contained 57.46 gigabytes or 384,658,212 records, including server logs detailing internal information, encompassing access, error, security and system logs. Fowler also found records related to a leading Russian telecom carrier, partially owned by a sanctioned Russian state-controlled company.
Los Angeles-headquartered Zenlayer is a global network services provider that offers solutions including software-defined wide area networks, content delivery networks and cloud services.* The company serves various industries, including telecom, gaming, media and entertainment, and operates more than 290 data centers on six continents.
Fowler said some records included customer contact information including email and phone number. The security researcher said he was able to obtain them through a web-based listing of Zenlayer users accessible through a numerical incrementing URL that called up individual plain text records.
A company spokesperson acknowledged that it did expose customer contact records, but said “because our logs are kept for a short span of time, only a subset of data was exposed.”
Fowler also said he uncovered logs that contained VPN records and a multitude of IP addresses, such as controller host IP, controller IP, IP LAN, jumper IP, and PXE IPMI. These IP addresses have the potential to expose the internal network architecture of the organization, potentially helping attackers map networks and plan further cyberattacks.
The company spokesperson said the exposed database was an internal testing web application that housed server logs. “The data viewed mainly included server logs used by our engineers to debug and test internal Zenlayer services – including error, access, and change logs.”
No internal or customer operational data, credentials or network traffic was impacted, the spokesperson added. “Other than the initial researcher that notified us of the issue, we’re not aware that any other party viewed this data,” the spokesperson added. The company’s default policy of whitelisting and firewall restrictions weren’t in effect since the server was used in development.
The company spokesperson said Zenlayer has no Russian customers “but we do deliver traffic to Russia for some of our global customers.” The company has begun auditing access to all internal applications and will start encrypting development databases and logs, the spokesperson added.
*Correction Feb. 20, 2024 2:43 UTC: Corrects location of Zenlayer headquarters.
