An Amazon Prime Video server packed with viewer data was exposed online
215 million entries of pseudonymized Amazon Prime Video viewing data exposed
Another day, another misconfigured database leaking sensitive customer data to the wider internet.
This time around, the perpetrator is none other than Amazon, as according to TechCrunch, cybersecurity researcher Anurag Sen recently discovered a major Amazon database, no password protection whatsoever, available to anyone who knew where to look.
With the help of Shodan - a search engine for internet-connected things, Sen discovered the database, named Sauron, and found it full of Amazon Prime viewing habits.
Deployment error
In total, the database held some 215 million entries of pseudonymized viewing data - meaning while there’s plenty of data on specific customers to learn about their viewing habits, it’s virtually impossible to connect those accounts with actual identities. Sauron contains things such as movie/series name, the device used to stream the content, network quality, customer subscription plan, etc.
The database was reportedly first detected to be exposed in late September 2022, after which Amazon was tipped off, and removed the system from the wider web.
“There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) were exposed. This was not an AWS issue; AWS is secure by default and performed as designed,” TechCrunch cited Amazon spokesperson Adam Montgomery.
Cloud misconfigurations are nothing new, and researchers have been warning for years that this man-made error is a major cause for data breaches. In fact, a 2021 IBM report claimed 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure. The company polled more than 500 organizations that suffered a data breach for the report, and learned that for half (52%), securing data stored in the public cloud remained a challenge.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Furthermore, an Accurics report from 2020 claimed “nearly all” cloud storage deployments were misconfigured.
- These are the best SMB servers right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.