Originally published on October 23th, 2019
Company: E2E Networks Hosting (formerly Spikecloud)
Type: ElasticSearch Database
Size: 8GB, amounting to 21,682,731 records exposed
Countries Affected: Primarily India
Our security research team at Website Planet has discovered a large database breach on the severs of Cloud Infrastructure company E2E Networks Hosting. Cybersecurity experts also discovered a ransomware note on the compromised server, located in India, however, it’s not evident whether data is actually missing. Personal data and financial information in the form of invoices have been left exposed, amounting to over 21-million records.
Customer Data Leaked
- Financial details such as bank account and crypto wallet information
- Email addresses
- Street address
- Phone numbers
- Account names
- Passwords — clear text and hashed
Our research team was able to access over 21- million records via the database breach. The potential impact of this level of breach is substantial, with one of E2E Networks Hosting customers being the Indian money-transfer service InstantPay.
The majority of the information contained in the records is Personally-Identifying Information (PII) and passwords — a mixture of clear text and hashed passwords that can be uncovered using a known password table.
Some financial information has also been exposed, in the form of customer invoices, and while it doesn’t appear that customer credit card details have been exposed, some bank account details have been discovered.
The data exposed in this breach can be taken advantage of in a number of ways:
In many of the exposed records, email addresses, usernames, and passwords are visible in cleartext, meaning that anyone in possession of this data would be able to log into the customer’s E2E Networks Hosting account and perform any kind of action — such as accessing files, changing account details, and accessing financial and other data about the customer, including any saved credit card details.
Because E2E Networks is a cloud hosting company, being able to log into a customer’s account means that it’s possible to change website configurations and system configurations via the customer’s servers. The potential damage this can do is extensive — although it does depend on the type of servers and apps that the customer has on their account. It would be possible, for example, to delete nodes, change DNS nameservers, or create a new node.
A coveted practice among cybercriminals is exploiting stolen credentials to spin up new servers for mining cryptocurrencies, and having the victim pay for them. This breach allows exactly that – using the customer credentials to create new servers for free, which will generate quick cash for the criminals.
When PII data is exposed, in addition to company names and billing details, there’s a huge potential for this data to be used maliciously. Anyone in possession of this data would be able to claim to represent the companies and individuals, using the personal data in identity theft scams.
When a large number of email addresses and phone numbers are leaked, there is a high risk of phishing attacks. Having details such as customer IDs and financial information can allow for targeted phishing, and increases the likelihood of the victim clicking on links sent to their email addresses.
Company information has been left vulnerable in this breach, in addition to invoice details that could lead to financial espionage and blackmail. For example, we identified an account that had been suspended due to non-payment. This information could be used for blackmail or shaming of the company that is in debt.
Data leaks of this kind can easily be prevented with the implementation of stronger security practices such as encryption of customer data and passwords and antimalware software. Ironically, E2E Networks Hosting considers itself an expert in cybersecurity, according to a 2017 article published on its website, but it appears to have failed to adequately secure its own servers.
What is Website Planet?
Website Planet is the number one resource for web designers, digital marketers, developers and businesses with an online presence. You’ll find tools and resources for everyone from beginners to experts — and honesty is our top priority.
We have an experienced team of ethical security research experts who uncover and disclose some of the most serious data leaks, as part of a free service for the online community at large. You can read about how we tested five popular web hosts to see how easily hackable they are here.