Amazon Prime video server exposed online. The server is packed with viewer data as 215 million entries of supposed pseudonymized amazon prime video viewing were reportedly exposed.
Amazon Prime Video Server Exposed Online
It’s yet another day with another reported misconfigured database leaking key customer data to the wilder internet.
And this time around, according to TechCrunch, the perpetrator here is no other person but amazon. Just recently cybersecurity researcher Anurag Sen discovered a major amazon database with no password protection of the sort that is available to just about anyone who just knew where to look.
And with the help of Shodan which is a search engine for internet-connected things, Sen discovered the said database which is named Sauron, and found it complete with amazon prime viewing habits.
The Database Held 215 Million Entries of Pseudonymized Viewing Data
The database in total held some 215 million entries of pseudonymized viewing data thus meaning that while there are still a lot of data on specific customers to learn about their viewing habits, it’s virtually impossible to make a connection to those accounts with actual identities. Sauron as you should know contain things such as series/movie names, the said device used in streaming the content, the network quality and also the customer subscription plan and so many more.
The database reportedly was initially detected to be exposed back in late September 2022, after which amazon was then tipped off and then took the system from the wider web.
What Amazon Has To Say about the Leak
“There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) was exposed. This was not an AWS issue; AWS is secure by default and performed as designed,” TechCrunch cited spokesperson from amazon, Adam Montgomery.
Researchers Have Been Warning About Cloud Misconfigurations for Years Now
Cloud misconfigurations are not something new, and researchers for many years have been warning that this man-made error is the main cause of data breaches. A 2021 IBM report in fact also claimed that 19% of data breaches happen because IT teams fail to properly protect the assets that are found within their cloud infrastructure. The company polled over 500 organizations and companies that suffered a data breach for the report and then learned that for half (52%) of these companies, securing data stored in the public cloud remained a huge challenge.
An Accurics report furthermore from 2020 claimed that ‘nearly all’ cloud storage deployments were misconfigured.