Free Movie Streaming Site Database Accessible to Public – Mainstream Managed Services

‭+1 (603) 285-9680‬

Free Movie Streaming Site Database Accessible to Public

Who: Kanopy 

When: 22 Mar 2019

# of records involved: 26 to 40 Million Log Lines per day

What happened: An unprotected weblog​ database belonging to a free movie streaming site accessible to the public without authentication of any kind.

How did it happen: The streaming service was leaking access and API logs through an unsecured ElasticSearch database. The exposed data contained a great deal of information about the people who use the service to stream content. Geolocation, timestamp, device type, IP address, and the URLs of accessed files were all part of the available records. The information is detailed enough that it likely would have been possible to identify the identity of a person and to figure out what that person had been watching online. It’s unclear if the leaked data has been put to any malicious use, but the possibility exists

Outcome: Though Kanopy has now fixed the problem, the exposed data contained a great deal of information about the people who use the service to stream content

Malcare WordPress Security