
Amazon Left Massive Prime Video Telemetry Database Unsecured Online

Silviu STAHIE

November 02, 2022


A security researcher discovered a massive unsecured online database belonging to Amazon that was hosting Prime Video telemetry with more than 215 million entries.

Unsecured databases are a huge problem, especially for very large companies. In some situations, researchers need rapid access to a database, and entering credentials on every access seems cumbersome, so they either disable authentication or misconfigure it from the start.

In this case, Amazon says the Elasticsearch database, dubbed Sauron, simply suffered from a deployment error. Elasticsearch databases are often used by people who need to search quickly for specific items inside vast datasets.

According to a TechCrunch report, security researcher Anurag Sen found the exposed database when using the Shodan search engine, which is typically used to find internet-connected servers that serve Internet of Things infrastructures, such as webcams, routers and so on.

The database had no protection, and anyone who knew its IP address could connect and download the data. The good news is that it held no personally identifiable information (PII) that would allow a third party to identify users. The database did contain information on which devices people use, viewing data on TV shows and movies, network quality, and much more.

Soon after Amazon was contacted about the issue, the database was secured and no longer available from the outside.

“There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) were exposed,” said Amazon spokesperson Adam Montgomery to TechCrunch. “This was not an AWS issue; AWS is secure by default and performed as designed.”
