paint-brush
Hosting Provider Cloud Clusters Inc. Potentially Exposed 63M Recordsby@a2zleog
1,096 reads
1,096 reads

Hosting Provider Cloud Clusters Inc. Potentially Exposed 63M Records

by Leo GutierrezNovember 18th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

An exposed and unsecured database from Cloud Application Hosting company Cloud Clusters, Inc. was discovered on October 5, 2020, containing more than 63 million records. Among the records were username and password credentials for Magento, WordPress, and MySql. The database was stored in plain text for anyone to take, placing millions of users' private information at risk. This endangers everyone from regular website operators, to eCommerce websites and their customers. User accounts and online shoppers could potentially be targeted by social engineering or spear phishing attempts.

Company Mentioned

Mention Thumbnail
featured image - Hosting Provider Cloud Clusters Inc. Potentially Exposed 63M Records
Leo Gutierrez HackerNoon profile picture

An exposed and unsecured database from Cloud Application Hosting company Cloud Clusters, Inc. was discovered on October 5, 2020, containing more than 63 million records.This discovery was made by Jeremiah Fowler from SecurethoughtsAmong the records were username and password credentials for Magento, WordPress, and MySql.

Cloud Clusters operates multiple companies under their umbrella that provide similar data hosting and management services. Variations of the brand can be seen on the footer of their website: https://www.cloudclusters.io/. Some of these subsidiary companies include names like MgtclustersHyper-v-mart, and several variants of CloudClusters.

This endangers everyone from regular website operators, to eCommerce websites and their customers. User accounts and online shoppers could potentially be targeted by social engineering or spear phishing attempts using the exposed emails and credentials.

The database was stored in plain text for anyone to take, placing millions of users' private information at risk.

As Jeremiah states in his article, "It is unclear how long these records were exposed or who else may have had access to this data."

If you are a customer of Cloud Clusters Inc and their "Hosted Open-Source Applications on Kubernetes Cloud Platform," be aware of possible social engineering or spear-phishing attempts.

According to the article, other than monitoring and logs exposing the UN & PW of website platforms, login paths, middleware and build info, IPs, ports, pathways, and storage info were all left exposed without admin credentials. Evidence of the Meow Bot was also discovered.

Huge faux-pas right here; a serious lapse in security. Jeremiah writes, "If a cybercriminal had access to this information it could potentially compromise those sites and e-commerce accounts." Users of Cloud Clusters or any of their subsidiaries should be on guard against hacking or spear-fishing attempts.