Remember when a Chinese server leaked 7GB worth of data including fake Amazon reviews? Well now, an Elasticsearch database dubbed Sauron was left unprotected in cyberspace without any security authentication.
According to security researcher Anurag Sen, the database was stored on an internal Amazon server and contained Prime Video viewing habits.
This server was accessible on the internet because of the lack of password protection. Hence, the available data could have been accessed by someone accessing a web browser simply by entering its IP address.
It is worth noting that Sen found the database on September 30th, 2022 while scanning through the IoT search engine Shodan.
More Viewing Habits Related Topics
- Our TV Viewing Habits Can Be Monitored for the Benefit of Marketers
- Hundreds of Android Gaming Apps are Tracking Your TV Viewing Habits
- General Motors collected location & radio listening habits data of drivers
- A leaked database exposed the shopping habits of 35 million US residents
What Data was Exposed?
The exposed database contained 215 million records of pseudonymized viewing data. This includes the name of the movie or show being streamed, the device used for streaming the content, and similar internal data such as subscription information and network quality.
Basically, the database contained information about Amazon Prime customers. However, the data cannot be used to identify the customers by name. Still, this security lapse again highlights the drawbacks and dangers of misconfigured internet-facing servers left online without passport protection.
What caused the Issue?
Amazon spokesperson Adam Montgomery told TechCrunch that the issue was caused by ‘deployment errors with a Prime Video analytics server.’ When Amazon was notified about the exposed database, the company took necessary steps to make it inaccessible.
The database was protected shortly after Amazon received information about it. The company confirmed that login and payment card data or account details were safe, while the exposed data was pseudonymized.
- Amazon data breach: Personal details of customers leaked
- Secret Pentagon Files Left Unprotected on the Amazon Server
- Amazon sent 1,700 audio recordings of Alexa user to a stranger
- Critical Amazon Ring Vulnerability Could Expose Camera Recordings
- Amazon Database Exposed US Military’s Social Media Spying Campaign