Amazon failed to protect one of its internal servers, allowing anyone to view a database named “Sauron” that was full of Prime Video viewing habits.
As TechCrunch reports(Opens in a new window)the unprotected Elasticsearch database was discovered by a security researcher Anurag Sen(Opens in a new window). The database, which anyone with the IP address could access using a web browser, contained approximately 215 million records of Prime Video viewing habits. Data included show/movie name, streaming device used, network quality, subscription details and Prime customer status.
The database first became publicly available on September 30, but luckily for Amazon, the records in the database have been pseudonymized, meaning each entry cannot be linked to the individual location/ distribution to which it relates. When Amazon was made aware of the existence of the exposed database, it quickly became inaccessible.
Recommended by our editors
Amazon spokesperson Adam Montgomery explained what happened: “There was a deployment error with a Prime Video analytics server. This issue has been resolved and no account information (including login or payment information) has been exposed. This was not an AWS problem; AWS is secure. by default and performed as expected.”
Do you like what you read ?
Register for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.