Video streaming platform Lionsgate Play uncovered delicate data on tens of millions of its users, cybersecurity researchers from Cybernews discovered.
The web site’s group discovered (opens in new tab) Lionsgate’s platform stored an unprotected ElasticSearch occasion, containing 20GB of server logs with roughly 30 million entries. Some of the data dates again to May 2022, and included consumer IP addresses in addition to data on consumer gadgets, working techniques, and internet browsers.
While this isn’t precisely personally identifiable data (opens in new tab), it might probably nonetheless be utilized by risk actors to conduct intrusions, the researchers stated.
Possible authentication secrets and techniques
“It can be useful in targeted attacks, especially when combined with other leaked or publicly available information,” Cybernews’ group stated in its report.
By realizing the IP addresses, the attackers can ship custom-built malicious payloads to the targets, they added.
But this isn’t the one data that was leaked through ElasticSearch. Usage data, akin to content material titles, IDs, and search queries, had been additionally leaked. This data is often utilized by analysts to trace the platform’s and content material’s efficiency. Furthermore, researchers found unidentified hashes with logged HTTP GET requests, that are user-made requests for data, saved on the server.
While the researchers couldn’t say what the hashes are used for, they did say they include greater than 156 characters, that means they had been supposed to remain unchanged for lengthy.
“Hashes didn’t match any commonly used hashing algorithms. Since these hashes were included in the HTTP requests, we believe they could have been used as secrets for authentication, or just user IDs,” stated researchers.
When reached out to by the researchers, Lionsgate responded by closing the open occasion. However, an official assertion is but to be made.
Streaming platforms are well-liked targets amongst cybercriminals. Before Lionsgate Play, hackers managed to breach Plex, START, and Carbon TV.
- Check out the perfect password managers (opens in new tab) proper now
…. to be continued
Read the Original Article
Copyright for syndicated content material belongs to the linked Source : TechRadar – https://www.techradar.com/news/lionsgate-streaming-platform-leaks-data-of-37-million-users