Global on-demand edge cloud services provider Zenlayer had almost 385 million records, or 57.46 GB of data, exposed as a result of a misconfigured cloud database that did not have any password protection, Hackread reports.
Information exposed by the database included Zenlayer's internal documents, such as logging records for vendors, apps, dashboards, and notifications, as well as customer details, such as names and email addresses, according to a report by cybersecurity researcher Jeremiah Fowler published on WebsitePlanet.
Several IP addresses and VPN records that could be leveraged to infiltrate Zenlayer's internal network architecture were also part of the leak. Fowler added that some of the exposed records were from a Russian telecommunications provider allegedly involved in Border Gateway Protocol hijacking although Zenlayer had not been impacted by such an attack.
Meanwhile, Zenlayer said that it has already addressed the database misconfiguration after being notified by Fowler.
"We'll provide additional information when the investigation is complete," said a Zenlayer spokesperson.
Ahead of its imminent approval, the Biden administration's proposed executive order mandating U.S. cloud infrastructure-as-a-service providers to strengthen the verification of their users' identities has received industry opposition due to the increased financial and logistical burdens that would arise from such a rule, according to The Record, a news site by cybersecurity firm Recorded Future.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.