Site icon TechNewsBoy.com

An Amazon Prime Video server packed with viewer data was exposed online

Another day, another misconfigured database leaking sensitive customer data to the wider internet. 

This time around, the perpetrator is none other than Amazon, as according to TechCrunch (opens in new tab), cybersecurity researcher Anurag Sen recently discovered a major Amazon database, no password protection whatsoever, available to anyone who knew where to look. 

With the help of Shodan – a search engine for internet-connected things, Sen discovered the database, named Sauron, and found it full of Amazon Prime viewing habits.

Deployment error

In total, the database held some 215 million entries of pseudonymized viewing data – meaning while there’s plenty of data on specific customers to learn about their viewing habits, it’s virtually impossible to connect those accounts with actual identities. Sauron contains things such as movie/series name, the device used to stream the content, network quality, customer subscription plan, etc. 

The database was reportedly first detected to be exposed in late September 2022, after which Amazon was tipped off, and removed the system from the wider web.

“There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) were exposed. This was not an AWS issue; AWS is secure by default and performed as designed,” TechCrunch cited Amazon spokesperson Adam Montgomery.

Cloud misconfigurations are nothing new, and researchers have been warning for years that this man-made error is a major cause for data breaches. In fact, a 2021 IBM report claimed 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure. The company polled more than 500 organizations that suffered a data breach for the report, and learned that for half (52%), securing data stored in the public cloud remained a challenge. 

Furthermore, an Accurics report from 2020 claimed “nearly all” cloud storage (opens in new tab) deployments were misconfigured.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version