A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites, securethoughts reports.
The database appeared to belong to the Texas-based cloud application hosting provider, Cloud Clusters Inc. According to their website, they have 4 data center locations that include: Bend, Oregon, Charlotte, North Carolina, Denver, Colorado, and Dallas, Texas.
There were records in the database connecting multiple company names that all provide similar data hosting and management services under the Cloud Clusters umbrella. With the massive amount of records, it was hard to tell just how many services they operate, but the names I saw included names such as Mgtclusters, Hyper-v-mart, and several variants of Cloudclusters.
Security Expert, Jeremiah Fowler
According to their website: “Cloud Clusters Inc was founded in 2017 by the same team from Database Mart LLC (DBM), a privately held company in Texas. DBM provides VPS, and dedicated server hosting business to global clients from 2005 with superb customer services. Cloud Clusters Inc provides fully managed open-source application services on Kubernetes cloud”.
What the database contained:
- The database was set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials.
- Exposed records that contain internal information such as monitoring, and logs that exposed usernames, user email addresses, and multiple service passwords in plain text. IE: Magento, WordPress, MySQL
- Client panel and employee login paths and data.
- 63,747,966 total records exposed.
- Evidence of Meow bot attack (a malicious script that deletes data).
- Middleware and build information that could allow for a secondary path for malware.
- IP addresses, Ports, Pathways, and storage info that cybercriminals could exploit to access deeper into the network.
