[BreachExchange] Web hosting provider exposes details of millions of clients in serious security lapse

[Destry Winant]

https://www.techradar.com/news/web-hosting-provider-exposes-details-of-millions-of-clients-in-serious-security-lapse

Security researchers have discovered a huge data breach involving a
web hosting firm, which may have threatened the privacy of some 63
million individuals. Security researcher Jeremiah Fowler, in
collaboration with Secure Thoughts, discovered that an unsecured
database hosted by US firm Cloud Clusters had potentially compromised
usernames and passwords connected with Magento, WordPress and MySQL.

The exposed database contained records concerning data backups,
monitoring, error logging, and more, with emails and passwords
displayed in plain text.

After discovering the breach, Fowler notified Cloud Clusters, which
eventually acknowledged the vulnerability before restricting public
access. It is not known, however, if the firm informed relevant
customers that their credentials could have been compromised.

“It is unclear how long these records were exposed or who else may
have had access to this data,” Fowler explained. “As a security
researcher, I never circumvent or bypass password protected assets.
These records were publically accessible and no hacking was necessary
to see 63.7 million records. If a cybercriminal had access to this
information it could potentially compromise those sites and e-commerce
accounts.”

Still at risk?

Magento is an e-commerce platform, while WordPress is a popular
website management system. Users of these platforms could now be at
risk of account hacking or being targeted by spear-phishing attempts.
The total number of exposed records numbered 63,747,966.

Poor log monitoring is often blamed for exposing sensitive data as it
is not considered a core asset. Logs can still contain important data,
however, including login attempts, critical transactions, IP addresses
and usernames.

For Cloud Clusters, although the security issue has now been patched,
it might be a good idea to notify customers that may have been
compromised, so they can be on guard against follow-up attacks.