Amazon didn’t protect one of its internal servers, allowing anyone to view a database named “Sauron” which was full of Prime Video viewing habits.
As TechCrunch reports(Opens in a new window), the unprotected Elasticsearch database was discovered by security researcher Anurag Sen(Opens in a new window). Contained within the database, which anyone who knew the IP address could access using a web browser, were roughly 215 million records of Prime Video viewing habit information. The data included show/movie name, streaming device used, network quality, subscription details, and Prime customer status.
The database first became publicly accessible on Sept. 30, but luckily for Amazon the records in the database were pseudonymized, meaning each entry can’t be linked to the individual/streaming location it relates to. When Amazon was informed of the exposed database, it swiftly became inaccessible.
Recommended by Our Editors
Amazon spokesperson Adam Montgomery explained what happened, “There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) were exposed. This was not an AWS issue; AWS is secure by default and performed as designed.”
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
