What could happen to your data when it is hosted in the cloud or on a dedicated server without sufficient security?
Complexity of the situation
Modern information systems consist of a large number of hardware and software layers. Any of these hardware or software layers can be vulnerable and become the source of a security breach.
Security must therefore be considered holistically, and that starts with simplifying information systems. Our information system is thus the result of multiple simplification choices, all of which aim to reduce its attack surface and therefore its vulnerability.
What happened at Cloud Clusters Inc?
Secure Thoughts collaborated with security expert Jeremiah Fowler to expose a massive leak of over 60 million customer records by the cloud application hosting company.
On October 5th they discovered a database, not protected by any password, that contained a large amount of monitoring and system logs. There were records indicating data backups, monitoring, error logging, and more. Upon further research, the database appeared to belong to the Texas-based cloud application hosting provider, Cloud Clusters Inc. According to their website, they have 4 data center locations: Bend, Oregon; Charlotte, North Carolina; Denver, Colorado; and Dallas, Texas.
He immediately sent a responsible disclosure notice of his findings. Public access was restricted shortly after his notice. No one replied to his first messages and after a second follow-up email on October 13th he received an acknowledgment of his notification that said “Thanks for pointing out the problems to enhance website security. We also take data security very seriously.” It is unclear if Cloud Clusters Inc had notified customers or authorities regarding the exposure.
Emails and passwords in plain text are a potential nightmare waiting to happen.
Jeremiah saw username/password credentials for Magento, WordPress accounts, and MySQL. Magento is an eCommerce platform used to sell products or services, and WordPress is a website management system written in PHP. An exposure of login details could have potentially put these accounts and shoppers at risk. Cloud Clusters Inc’s customers could have been targeted by social engineering or spear phishing attempts using the exposed emails and credentials.
It is unclear how long these records were exposed or who else may have had access to this data. As a security researcher, Jeremiah never circumvents or bypasses password-protected assets. These records were publicly accessible, and no hacking was necessary to see the 63.7 million records. If a cybercriminal had access to this information it could potentially compromise those sites and eCommerce accounts. He is not implying that customers or visitors to these sites were at risk, only raising awareness of what was exposed to anyone with an internet connection. After any security breach, all administrative credentials should be changed immediately, including customer passwords or details that were captured in monitoring logs.
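The root of the exposure described above is that monitoring and backup logs carried credentials in plain text, so anyone who reached the database could read them. The following is an added example, not code from the original page, from Secure Thoughts, or from Cloud Clusters Inc: a small Python scrubber that detects and redacts the credential shapes mentioned in the report (database connection strings with embedded passwords, `password=` style fields, HTTP Basic auth headers) and masks e-mail addresses before log lines are written to storage. The sample log lines, the host names and the credential values are all constructed for the example; the regular expressions are an assumption about common log formats and should be extended for your own tooling's output.

```python
import re

# Constructed sample log lines (not from the Cloud Clusters database); they
# imitate the kind of backup/monitoring output that leaks credentials.
# The Basic token is the constructed value "shopadmin:Sup3rS3cret" base64-encoded.
SAMPLE_LOGS = [
    "2020-10-05 02:13:07 backup ok db=mysql://shopadmin:Sup3rS3cret@10.0.3.12:3306/magento",
    "2020-10-05 02:14:11 wp-login user=editor@example.com password=Winter2020!",
    "GET /rest/V1/orders HTTP/1.1 Authorization: Basic c2hvcGFkbWluOlN1cDNyUzNjcmV0",
    "2020-10-05 02:15:00 monitor heartbeat host=web-07 status=ok",
]

# scheme://user:PASSWORD@host  -> the password part between ':' and '@'
URL_CRED_RE = re.compile(r"(\w+://[^:/\s]+:)(?!\[REDACTED\])[^@\s]+(@)")
# key=value or key: value where the key is a well-known secret name
KV_SECRET_RE = re.compile(
    r"(?i)\b(password|passwd|pwd|secret|token|api[_-]?key)(\s*[=:]\s*)(?!\[REDACTED\])(\S+)"
)
# HTTP Basic credentials (base64 of user:password)
BASIC_AUTH_RE = re.compile(r"(?i)(authorization:\s*basic\s+)(?!\[REDACTED\])[A-Za-z0-9+/=]+")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# The negative lookaheads make the detectors ignore already-redacted values,
# so scrubbing is idempotent and a scrubbed store reports no hits.
DETECTORS = {
    "url_credential": URL_CRED_RE,
    "key_value_secret": KV_SECRET_RE,
    "basic_auth_header": BASIC_AUTH_RE,
}


def mask_email(match):
    """Keep only the first character of the local part: editor@x.com -> e***@x.com."""
    local, _, domain = match.group(0).partition("@")
    return f"{local[0]}***@{domain}"


def redact_line(line):
    """Replace every credential in one log line with [REDACTED] and mask e-mails."""
    line = URL_CRED_RE.sub(r"\1[REDACTED]\2", line)
    line = KV_SECRET_RE.sub(r"\1\2[REDACTED]", line)
    line = BASIC_AUTH_RE.sub(r"\1[REDACTED]", line)
    return EMAIL_RE.sub(mask_email, line)


def redact_logs(lines):
    """Scrub a sequence of log lines; run this before lines reach a log store."""
    return [redact_line(line) for line in lines]


def find_credential_lines(lines):
    """Audit an existing log store: (line_index, detector_name) for each hit."""
    hits = []
    for index, line in enumerate(lines):
        for name, pattern in DETECTORS.items():
            if pattern.search(line):
                hits.append((index, name))
    return hits


if __name__ == "__main__":
    print("credential hits before scrubbing:", find_credential_lines(SAMPLE_LOGS))
    for before, after in zip(SAMPLE_LOGS, redact_logs(SAMPLE_LOGS)):
        print(before)
        print("  ->", after)
    print("credential hits after scrubbing:", find_credential_lines(redact_logs(SAMPLE_LOGS)))
```

Scrubbing at write time is the control that would have limited the damage here: even if the log database is later left reachable, what leaks is `shopadmin:[REDACTED]@...` rather than a usable password. `find_credential_lines` is the complementary check to run over logs you already hold, which is how an operator would have found the problem before an outside researcher did.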
There were records in the database connecting multiple company names that all provide similar data hosting and management services under the Cloud Clusters umbrella. With the massive amount of records, it was hard to tell just how many services they operate, but the names I saw included names such as Mgtclusters, Hyper-v-mart, and several variants of Cloudclusters.
According to their website: “Cloud Clusters Inc was founded in 2017 by the same team from Database Mart LLC (DBM), a privately held company in Texas. DBM provides VPS, and dedicated server hosting business to global clients from 2005 with superb customer services. Cloud Clusters Inc provides fully managed open-source application services on Kubernetes cloud”.
Security at Vincent Soumoy
Our personal computers are PCs running Windows. Security updates for Windows and for the other installed software are applied immediately.
Our machines are protected by the Kaspersky security solution, which provides, among other things, real-time anti-virus protection and maintains a blacklist of websites not to be visited.
Our personal computers are used for development and store all their data both locally and remotely. Locally, the data is protected by the Kaspersky firewall. Remotely, this data is hosted by Dropbox.
Web application server
Our web application servers are hosted by Gandi and EspoCRM.
Each virtual server is dedicated to a single client and a single application. The database(s) required for this application are also dedicated to this single client. Thus, a customer can never have access to another customer’s data.
Our servers can be located, at the customer’s choice, in different locations around the world.
Our servers are fully backed up once a day and before their operating system is updated.
These backups complement the backups performed at the level of each application.
If you need more details, contact us.