Free Movie Streaming Site Database Accessible to Public
Who: Kanopy
When: 22 Mar 2019
# of records involved: 26 to 40 Million Log Lines per day
What happened: An unprotected weblog database belonging to a free movie streaming site accessible to the public without authentication of any kind.
How did it happen: The streaming service was leaking access and API logs through an unsecured ElasticSearch database. The exposed data contained a great deal of information about the people who use the service to stream content. Geolocation, timestamp, device type, IP address, and the URLs of accessed files were all part of the available records. The information is detailed enough that it likely would have been possible to identify the identity of a person and to figure out what that person had been watching online. It’s unclear if the leaked data has been put to any malicious use, but the possibility exists
Outcome: Though Kanopy has now fixed the problem, the exposed data contained a great deal of information about the people who use the service to stream content