Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Leaseweb

Leaseweb Vendor Cyber Rating & Cyber Score

leaseweb.com

Leaseweb is a leading Cloud services and Infrastructure-as-a-Service (IaaS) provider serving a worldwide portfolio of 20,000 customers ranging from SMBs to Enterprises. Services include Public Cloud, Private Cloud, Hybrid Hosting, Colocation, Content Delivery Network, Cyber Security Services, and Dedicated Servers supported by exceptional customer service and technical support. With more than 80,000 servers under management, we have provided infrastructure for mission-critical websites, Internet applications, e-mail servers, security, and storage services since 1997. We have a global footprint of 20+ data centers across Europe, Asia, Australia, and North America, all of which are backed by a superior global network with a total capacity of


Leaseweb A.I CyberSecurity Scoring

Leaseweb
Company Information
Website:https://www.leaseweb.com
Employees number:641
Number of followers:25,633
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:leaseweb.com
Leaseweb Risk Score (AI oriented)
Between 700 and 749
logo
LeasewebIT Services and IT Consulting
Updated:
10/06/2026
705/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Leaseweb Global Score (TPRM)
xxxx
logo
LeasewebIT Services and IT Consulting
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Leaseweb
LeasewebModerate
Current Score
705Ba (MODERATE)
01000
2 incidents
-20 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
706Before Incident
JUNE 2026
725Before Incident
Cyber Attack
04 Jun 2026Leaseweb
Google, velia.net, OVH SAS, HostPapa and Leaseweb: How Spammers Are Hiding Behind Google and the New York Times

Large-Scale Phishing Infrastructure Uncovered: 12,704 Servers Exploit Google Cloud and Scraped NYT Content

705After Incident
HIGH-20
LEAGOOVELOVHHOS1781109328
Large-Scale Phishing Infrastructure Uncovered: 12,704 Servers Exploit Google Cloud and Scraped NYT Content A recent investigation has exposed a sophisticated, globally distributed phishing operation leveraging 12,704 internet-facing servers across 55 countries to facilitate spam and credential-harvesting campaigns. The infrastructure, designed for deliverability, evasion, and resilience, abuses Google Cloud Storage as an initial redirect layer before funneling targets to attacker-controlled landing pages many of which mimic The New York Times to deceive security scanners and non-targeted visitors. ### Key Findings - Scale & Distribution: The network spans 412 hosting providers, with the highest concentrations at HostPapa (630 servers), velia.net (453), OVH SAS (438), and Leaseweb (423). Geographic diversification including heavy use of low-cost VPS markets in Turkey and Romania complicates takedown efforts. - Google Cloud Abuse: Attackers exploit Google Cloud Storage to host benign-looking HTML/JS files, using trusted Google domains (e.g., `storage.googleapis.com`) to bypass initial suspicion. JavaScript redirects then obscure the final phishing destination, allowing operators to rotate infrastructure without updating embedded email links. - Deceptive Landing Pages: Servers serve near-identical pages scraped from The New York Times, likely to evade detection by security tools. Only targeted visitors identified via factors like location, browser type, or referral source are redirected to malicious payloads. - Outdated & Vulnerable Software: 99.8% of servers run end-of-life (EOL) software, including: - Apache/2.4.52 (Ubuntu): 69% - Apache/2.4.6 (CentOS) with OpenSSL/1.0.2k-fips: 21% - Apache/2.4.41 (Ubuntu): 6% - Apache/2.4.58 (Ubuntu): 4% The uniformity suggests automated deployment from a small set of server images. - Low Abuse History: 89% of IP addresses had no prior reports in AbuseIPDB, indicating either rapid rotation or use as intermediate redirectors to avoid reputation-based blocking. - Selective Targeting: The infrastructure appears to filter visitors, serving benign content to scanners while delivering phishing pages to intended victims. The exact filtering logic remains unclear. ### Operational Tactics 1. Initial Contact: Victims receive spam emails with links to Google Cloud Storage URLs, which appear legitimate. 2. First Redirect: JavaScript on the Google-hosted page redirects to an attacker-controlled server. 3. Landing Page: Non-targets see NYT-scraped content; targets are sent to phishing pages. 4. Credential Harvesting: Victims who enter personal or financial data have their information compromised. ### Impact & Unknowns While the investigation confirms the existence and scale of the infrastructure, critical details remain unknown: - Total email volume sent via this network. - Number of victims who clicked links or submitted data. - Identity of the operators, though the coordinated deployment and shared tooling suggest a centralized operation rather than isolated actors. The campaign’s design distributed hosting, EOL software, and Google Cloud abuse prioritizes persistence and evasion, making disruption difficult. Victims who entered credentials on any linked page should assume their data is compromised. Even clicking a link may confirm an email address as active, increasing future spam exposure.
INCIDENT DETAILS -
TYPE
Phishing
MOTIVATION
Credential harvesting, financial gain
IMPACT
Data Compromised: Credentials, personally identifiable information (PII)Systems Affected: 12,704 internet-facing servers across 55 countriesOperational Impact: Potential compromise of user accounts, increased spam exposure for victimsIdentity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Credentials, personally identifiable information (PII)Sensitivity Of Data: High (credentials, PII)Data Exfiltration: Likely (credentials harvested)Personally Identifiable Information: Yes
MAY 2026
725Before Incident
APRIL 2026
724Before Incident
MARCH 2026
723Before Incident
FEBRUARY 2026
723Before Incident
JANUARY 2026
722Before Incident
DECEMBER 2025
722Before Incident
NOVEMBER 2025
721Before Incident
OCTOBER 2025
720Before Incident
SEPTEMBER 2025
720Before Incident
AUGUST 2025
719Before Incident
AUGUST 2023
755Before Incident
Breach
01 Aug 2023Leaseweb
Leaseweb

Leaseweb Security Breach

694After Incident
CRITICAL-61
LEA05528823
The cloud and hosting provider Leaseweb suffered a security breach that impacted some “critical” systems of the company. The problem affected a particular area of our cloud-based infrastructure, causing a small number of cloud customers to experience outage. They have acted quickly and decisively to minimise hazards. This includes briefly turning off a few important systems that have an influence on the customer portal. Reads the notice personnel are putting a lot of effort into repairing the systems, and they anticipate that the Customer Portal will be back up in a few hours. They have strong containment strategies in place and are working closely with a reputable cybersecurity and forensics firm to ensure that services continue to be secure and dependable. The issue was successfully contained, security was strengthened, and no further unauthorised activity has been discovered despite the fact that their investigation is still ongoing.
INCIDENT DETAILS -
TYPE
Security Breach
IMPACT
Customer PortalCritical SystemsFew hoursOutage for a small number of cloud customers

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Leaseweb ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Leaseweb's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Leaseweb's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Leaseweb ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Leaseweb's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?