What could happen to your data when it is hosted in the cloud or on a dedicated server without sufficient security?
Complexity of the situation
Modern information systems consist of a large number of hardware and software layers. Any one of these layers can be vulnerable and become the source of a security breach.
Security must therefore be approached holistically, and the first step is to simplify the information system. Our information system is thus the result of multiple simplification choices, all of which aim to reduce its attack surface and therefore its exposure.
What happened at Cloud Clusters Inc?
Secure Thoughts collaborated with security expert Jeremiah Fowler to expose a massive leak of over 60 million customer records by that cloud application hosting company.
On October 5th they discovered a non-password protected database that contained a large amount of monitoring and system logs. There were records indicating data backups, monitoring, error logging, and more. Upon further research, the database appeared to belong to the Texas-based cloud application hosting provider, Cloud Clusters Inc. According to their website, they have 4 data center locations that include: Bend, Oregon, Charlotte, North Carolina, Denver, Colorado, and Dallas, Texas.
He immediately sent a responsible disclosure notice of his findings. Public access was restricted shortly after his notice. No one replied to his first messages and after a second follow-up email on October 13th he received an acknowledgment of his notification that said “Thanks for pointing out the problems to enhance website security. We also take data security very seriously.” It is unclear if Cloud Clusters Inc had notified customers or authorities regarding the exposure.
Emails and passwords in plain text are a potential nightmare waiting to happen.
Jeremiah saw user/password credentials for Magento, WordPress accounts, and MySQL. Magento is an eCommerce platform used to sell products or services, and WordPress is a website management system written in PHP. An exposure of login details could have potentially put these accounts and shoppers at risk. Cloud Clusters Inc's customers could have been targeted by social engineering or spear phishing attempts using the exposed emails and credentials.
It is unclear how long these records were exposed or who else may have had access to this data. As a security researcher, Jeremiah never circumvents or bypasses password-protected assets. These records were publicly accessible, and no hacking was necessary to see 63.7 million records. If a cybercriminal had access to this information, it could potentially compromise those sites and eCommerce accounts. He is not implying that customers or visitors to these sites were at risk, only raising awareness of what was exposed to anyone with an internet connection. After any security breach, all administrative credentials should be changed immediately, including customer passwords or details that were captured in monitoring logs.
There were records in the database connecting multiple company names that all provide similar data hosting and management services under the Cloud Clusters umbrella. With the massive amount of records, it was hard to tell just how many services they operate, but the names I saw included Mgtclusters, Hyper-v-mart, and several variants of Cloudclusters.
According to their website: “Cloud Clusters Inc was founded in 2017 by the same team from Database Mart LLC (DBM), a privately held company in Texas. DBM provides VPS, and dedicated server hosting business to global clients from 2005 with superb customer services. Cloud Clusters Inc provides fully managed open-source application services on Kubernetes cloud”.
Security at Webzenitude
Their personal computers are Apple MacBook Pros. Security updates for macOS and other installed software are applied immediately. Other updates for macOS and the software used on these machines are reviewed and applied once a week.
These updates are detected through the App Store, CleanMyMac X and manually.
Their machines are protected by the Sophos security solution, which provides, among other things, real-time anti-virus protection and maintains a blocklist of websites that must not be visited.
Network connections made by the software installed on their personal computers are monitored using Little Snitch.
Their personal computers are used for development and store all their data both locally and remotely. Locally, the data is encrypted by macOS and protected by the macOS firewall. Remotely, this data is hosted by Tresorit. This Swiss solution provides end-to-end file encryption and version management. End-to-end encryption ensures that files are stored encrypted in the cloud. File versioning is a better defence against ransomware than backups alone, because an earlier, unencrypted version of each file can be restored.
Web application server
Their web application servers are hosted by the Finnish company UpCloud. They run the open source operating system Ubuntu Server 18.04 LTS (with guaranteed support until April 2023) and 20.04 LTS (with guaranteed support until April 2025). These Ubuntu systems are updated once a week, after a full backup of the servers concerned.
Their servers are protected by a firewall and watched by monitoring software. In particular, the firewall allows only the necessary ports to be opened and may restrict access to authorized fixed IP addresses. The monitoring software allows them, among other things, to detect abnormal activity on their servers and to be informed in real time.
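The Cloud Clusters leak above came from a database reachable from the whole internet, which is exactly what the "only necessary ports" rule is meant to prevent. As an added example (not code from Webzenitude or from the original page), this Python script audits the output of `ss -lntu` on an Ubuntu host and flags any socket bound to every interface that is not on an allow-list of public ports; the sample output, allow-list and sensitive-port table are constructed assumptions for illustration.

```python
from collections import namedtuple

# Assumption: a public web application server is expected to expose only these ports.
PUBLIC_ALLOWLIST = {22, 80, 443}

# Database/management ports that should never listen on a public interface (assumed table).
SENSITIVE_PORTS = {3306: "MySQL", 5432: "PostgreSQL", 27017: "MongoDB",
                   9200: "Elasticsearch", 6379: "Redis"}

# Addresses that mean "every interface" in ss output.
WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}

Finding = namedtuple("Finding", "proto local_addr port service severity")

# Constructed sample resembling `ss -lntu` on an Ubuntu 20.04 host (not real data).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      80           0.0.0.0:3306      0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
tcp   LISTEN 0      128             [::]:9200         [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
"""

def parse_ss(output):
    """Yield (proto, addr, port) for each listening socket line; header lines are skipped."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")   # split on the last colon (IPv6 safe)
        addr = addr.split("%")[0]               # drop interface scope such as %lo
        yield proto, addr, int(port)

def audit(output, allowlist=PUBLIC_ALLOWLIST):
    """Return findings for sockets bound to every interface that are not on the allow-list."""
    findings = []
    for proto, addr, port in parse_ss(output):
        if addr not in WILDCARD_ADDRS or port in allowlist:
            continue  # loopback-only or explicitly public: fine
        service = SENSITIVE_PORTS.get(port, "unknown")
        severity = "critical" if port in SENSITIVE_PORTS else "review"
        findings.append(Finding(proto, addr, port, service, severity))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"{f.severity:8} {f.proto}/{f.port} ({f.service}) listening on {f.local_addr}")
```

On the sample it reports MySQL on 3306 and Elasticsearch on 9200 as critical, while Redis bound to 127.0.0.1 passes; in production, feed it the live `ss -lntu` output and treat every critical finding as a firewall rule or bind-address fix to make.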
Each virtual server is dedicated to a single client and a single application. The database(s) required for this application are also dedicated to this single client. Thus, a customer can never have access to another customer’s data.
Their servers can be located, at the customer's choice, in different locations worldwide.
Their servers are fully backed up once a day and before their operating system is updated.
These backups complement the backups performed at the level of each application.
If you need more details, contact us.