E2E Networks Hosting Infrastructure as a service providing company suffered from data leak. The security research team at Website Planet has discovered a large database of approximately 8GB 21,682,731 records exposed. Also, they have also found a ransomware note on a compromised server, located in India. There is no clear evidence that data is actually missing. E2E Networks Hosting customers being the Indian money-transfer service InstantPay.
As per the researcher, the majority of data is in records are personal information and password. The password is also in clear text and hashed passwords that can be uncovered using a known password table. While financial information leak, Customer invoices but credit card details have not appeared. Some bank account details have been discovered.
Using the data leak, the attacker able to account takeover vulnerability. The information such as username and passwords are stored in plain text. It is also possible to server takeover vulnerability and change the configuration of the website. It would be possible, for example, to delete nodes, change DNS nameservers, or create a new node.