Priya PatelTLDR:
- A global network service provider, ZenLayer, misconfigured a cloud database, exposing over 380 million records of infrastructure and customer information.
- The exposed data included sensitive information such as internal network architecture, customer email addresses, phone numbers, and business details.
Alicia Hope, a cybersecurity researcher at Website Planet, discovered the massive data leak and notified ZenLayer about the misconfiguration. Despite initial silence, ZenLayer acknowledged the leak and is working with the researcher to release additional details.
The exposed records contained internal files, customer data, and logs that detailed system activity, security events, and server information. The leak also revealed customer email addresses, user roles, and company registration details, including a telecom firm partially owned by a sanctioned Russian government entity.
Leaking VPN IP addresses exposed ZenLayer’s internal network infrastructure, making it vulnerable to cyber attacks. Additionally, the data leak exposed names, email addresses, billing information, and company details of impacted individuals. The exact number of affected individuals remains undetermined.
Despite the potential risks posed by the data leak, ZenLayer has addressed the cloud misconfiguration and limited public access to the database. The company is collaborating with the researcher to provide further information on the incident.
