Amazon Left Massive Prime Video Telemetry Database Unsecured Online
A security researcher discovered a massive unsecured online database belonging to Amazon that held Prime telemetry, with more than 215 million entries.
Unsecured databases are a huge problem, especially for very large companies. In some situations, researchers need rapid access to a database, and entering credentials on every access seems cumbersome, so they either disable authentication or misconfigure it from the start.
As it turns out, Amazon says that in this case the Elasticsearch database, dubbed Sauron, was exposed by a deployment error. Elasticsearch databases are often used by people who need to search quickly for specific items inside vast datasets.
According to a TechCrunch report, security researcher Anurag Sen found the exposed database when using the Shodan search engine, which is typically used to find internet-connected servers that serve Internet of Things infrastructures, such as webcams, routers and so on.
There was no protection, and anyone who simply knew the IP address could connect and download the data. The good news is that the data didn't include any personally identifiable information (PII) that would allow a third party to identify users. The database did contain information on which devices people use, viewing data on TV shows and movies, network quality, and much more.
Soon after Amazon was contacted about the issue, the database was secured and no longer available from the outside.
“There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) were exposed,” said Amazon spokesperson Adam Montgomery to TechCrunch. “This was not an AWS issue; AWS is secure by default and performed as designed.”