Zenlayer Exposes 384 Million Records
Exposed Database at Network Services Firm Included Server Log Details
A global data center provider exposed an internal database accessible on the internet, revealing approximately 384 million records.
Researcher Jeremiah Fowler of security services firm Security Discovery reported the flaw in Los Angeles.
Fowler said the database contained 57.46 gigabytes or 384,658,212 records, including server logs detailing internal information, encompassing access, error, security and system logs. Fowler also found records related to a leading Russian telecom carrier that is partially owned by a sanctioned Russian state-controlled company.
Los Angeles-headquartered Zenlayer is a global network services provider that offers solutions including software-defined wide area networks, content delivery networks and cloud services.* The company serves various industries, including telecom, gaming, and media and entertainment, and operates more than 290 data centers on six continents.
Fowler said some records included customer contact information, including email and phone number. The security researcher said he was able to obtain them through a web-based listing of Zenlayer users that was accessible through a numerically incrementing URL that called up individual plain text records.
A company spokesperson acknowledged that the company did expose customer contact records but said "because our logs are kept for a short span of time, only a subset of data was exposed."
Fowler also said he had uncovered logs that contained VPN records and a multitude of IP addresses, such as controller host IP, controller IP, IP LAN, jumper IP, and PXE IPMI. These IP addresses could expose the organization's internal network architecture, potentially helping attackers map networks and plan further cyberattacks.
The company spokesperson said the exposed database was an internal testing web application that housed server logs. "The data viewed mainly included server logs used by our engineers to debug and test internal Zenlayer services - including error, access, and change logs."
No internal or customer operational data, credentials or network traffic was affected, the spokesperson added. "Other than the initial researcher that notified us of the issue, we're not aware that any other party viewed this data," they said. The company's default policy of whitelists and firewall restrictions wasn't in effect since the server was being used in development.
The company spokesperson said Zenlayer has no Russian customers, "but we do deliver traffic to Russia for some of our global customers." The company has begun to audit access to all internal applications, and it will start encrypting development databases and logs, the spokesperson added.
*Correction Feb. 20, 2024 2:43 UTC: Corrects location of Zenlayer headquarters.