Amazon accidentally exposed an internal server packed with Prime Video viewing habits • TechCrunch


It feels like every other day another tech startup is caught spilling large amounts of data online due to a security vulnerability. But even for tech giants like Amazon, it’s easy to make mistakes.

Security researcher Anurag Singh found a database full of Amazon Prime viewing habits stored on an internal Amazon server accessible from the Internet. But because the database was not password protected, anyone could access the data inside using a web browser just by knowing its IP address.

The Elasticsearch database, called “Sauron” (make of that what you will), contains about 215 million entries of pseudonymized viewing data, such as the name of the show or movie being streamed, the device it is being streamed on, and other internal data, such as network quality and details related to the viewer’s subscription, such as whether they are an Amazon Prime customer.

According to Shodan, a search engine for Internet-connected things, the database was first detected as exposed to the Internet on September 30.

While it’s troubling that a company of Amazon’s size and wealth could leave such a massive cache of data online for weeks without anyone noticing, based on our review, the data cannot be used to personally identify customers by name. But this lapse highlights a common problem that underpins many data exposures: misconfigured internet-facing servers that are left online without a password, open for anyone to access.

Sen provided the database details in an effort to secure the data, and TechCrunch passed the information on to Amazon out of an abundance of caution. The database became inaccessible a short time later.

“A publishing error occurred with the Prime Video analytics server. This issue is resolved and no account information (including login or payment details) was disclosed. This was not an AWS issue; AWS is secure by default and implemented by design,” Amazon spokesperson Adam Montgomery said.
