We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Hackers Leak Global Companies’ Data Center Login Details

Hackers Leak Global Companies’ Data Center Login Details
Author Image Husain Parvez
Husain Parvez Published on 22nd February 2023 Cybersecurity Researcher

Hackers have gained and released data center login credentials of more than 2,000 businesses, including Fortune 500 companies like Walmart, Apple, and Amazon. This allowed hackers to masquerade as authorized users on the customer support sites for these data centers.

According to the report from Resecurity, the initial breach occurred back in September 2021, affecting Shanghai-based GDS Holdings Ltd and Singapore-based ST Telemedia Global Data Centres.

After holding the login credentials for more than a year, hackers initially posted the data for sale on the dark web for $175,000. On Monday, the data dump was instead released in its entirety for free. Companies such as Goldman Sachs, Alibaba, Baidu, Huawei, PayPal, and thousands of others use these credentials to access customer support for their rented data center space and equipment.

Unauthorized access to these accounts presents a unique threat. A hacker could potentially give themselves free physical access to the servers housed within these data centers. From there, they could easily steal sensitive data or install malware.

ST Telemedia Global Data Centres and GDS Holdings Ltd. forced password changes for all of their clients in January. However, as the exposed data also included email addresses, it still offers valuable targets for phishing emails. This is because the employees behind these email addresses tend to have high-level access to sensitive areas of their company network.

Bloomberg followed up on the report by reaching out to the people over at Microsoft and was assured by a spokesperson that the company “regularly monitors for threats that could impact Microsoft and when potential threats are identified we take appropriate action to protect Microsoft and our customers”.

A similar response came from BMW, who assessed the situation and clarified that “the issue has a very limited impact on BMW businesses and has caused no damage to BMW customers and product related information.”

ST Telemedia Global Data Centres put up a statement criticizing Bloomberg’s coverage as “materially inaccurate and serve only to motivate future activities by threat actors within the critical digital infrastructure sector.” The Singapore-based data management company also clarified that “any purported stolen user credentials for our customer service portals do not pose risks for either our data center operations nor our customer IT systems and data.”

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.