May 31, 2023

Researchers have identified a data leak at Lionsgate, an entertainment industry giant, which exposed the IP addresses and viewing habits of its subscribers through a publicly accessible Elasticsearch instance.

Lionsgate has 37 million global customers and produced $3.6 billion in income last year, while Netflix leads all streaming services with almost 230 million users.

The unsecured instance held roughly 20GB of server logs containing approximately 30 million entries, the earliest of which was dated May 2022. The logs revealed subscribers' IP addresses along with information about their devices, operating systems, and web browsers.

Researchers also discovered unidentified hashes inside logged HTTP GET requests. A GET request is a client's request to retrieve data from a web server, and web servers routinely write each request, including its full URL and query string, to their log files; any token carried in a URL therefore ends up in the logs as well.

The researchers were unable to determine the specific purpose of the hashes. They noted, however, that every hash was more than 156 characters long, which they took to imply the values were designed to remain unchanged for long periods of time.

The hashes did not match the output format of any commonly used hashing algorithm. Because they were carried in the HTTP requests themselves, the researchers believe they could have served as authentication secrets or simply as user IDs.
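The practical lesson from the leaked GET requests is that anything placed in a URL (tokens, long opaque identifiers, the client's IP, the full user-agent string) is written to server logs and then shipped to whatever log store sits behind them. The following Python script is an added example, not code from the article or from Lionsgate, showing the kind of sanitisation a log pipeline can apply before records reach Elasticsearch: it coarsens client IPs, masks secret-looking query parameters (using the 156-character length the researchers observed as one heuristic), reduces user agents to a product family, and classifies hex strings by the digest lengths of common hash algorithms, which is the same length check the researchers would have used to say the hashes matched no known algorithm. The sample records, field names and the list of sensitive parameter names are constructed assumptions for the example.

```python
import ipaddress
import json
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample records in the shape a web server might ship to a log store.
# They are invented for this example and are not the leaked Lionsgate data.
SAMPLE_LOGS = [
    {
        "timestamp": "2022-05-03T10:15:42Z",
        "client_ip": "203.0.113.45",
        "method": "GET",
        "request": "/api/v2/playback?title=12345&token=" + "a" * 160,
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
    },
    {
        "timestamp": "2022-05-03T10:15:43Z",
        "client_ip": "2001:db8:85a3::8a2e:370:7334",
        "method": "GET",
        "request": "/catalog/search?q=terminator&page=2",
        "user_agent": "Roku/DVP-11.5 (11.5.0.4312-46)",
    },
]

# Query-string values at least this long are treated as opaque secrets or identifiers.
# 156 is the minimum length the researchers reported for the leaked hashes.
OPAQUE_MIN_LEN = 156
# Assumed parameter names that are masked regardless of value length.
SENSITIVE_KEYS = {"token", "auth", "session", "sig", "signature", "key", "api_key", "hash"}
# Hex digest lengths (in characters) of common hash functions; used only as a length heuristic.
HEX_DIGEST_LENGTHS = {32: "md5", 40: "sha1", 56: "sha224", 64: "sha256", 96: "sha384", 128: "sha512"}


def truncate_ip(ip: str) -> str:
    """Coarsen a client IP to its /24 (IPv4) or /48 (IPv6) so a single subscriber is no longer pinpointed."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return f"{net.network_address}/{prefix}"


def looks_opaque(value: str) -> bool:
    """True for long, structureless alphanumeric blobs, i.e. probable secrets or long-lived identifiers."""
    return len(value) >= OPAQUE_MIN_LEN and re.fullmatch(r"[A-Za-z0-9._~+/=-]+", value) is not None


def classify_hex_digest(value: str) -> str:
    """Name the algorithm a hex string could be a digest of, judged by length alone; 'unknown' otherwise."""
    if re.fullmatch(r"[0-9a-fA-F]+", value):
        return HEX_DIGEST_LENGTHS.get(len(value), "unknown")
    return "unknown"


def redact_request(path: str) -> Tuple[str, List[str]]:
    """Mask secret-looking query parameters; return the redacted path and the parameter names that were masked."""
    parts = urlsplit(path)
    masked: List[str] = []
    params: List[Tuple[str, str]] = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS or looks_opaque(value):
            params.append((key, "REDACTED"))
            masked.append(key)
        else:
            params.append((key, value))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), parts.fragment)), masked


def coarsen_user_agent(ua: str) -> str:
    """Reduce a user-agent string to a product family, dropping version and platform detail."""
    # Chrome UAs also contain "Safari", so Chrome is checked first.
    for needle, family in (("Chrome", "Chrome"), ("Firefox", "Firefox"), ("Safari", "Safari"), ("Roku", "Roku")):
        if needle in ua:
            return family
    return "other"


def sanitize(record: Dict[str, str]) -> Dict[str, object]:
    """Return a copy of a log record with identifying and secret fields reduced."""
    out: Dict[str, object] = dict(record)
    out["client_ip"] = truncate_ip(record["client_ip"])
    out["request"], out["redacted_params"] = redact_request(record["request"])
    out["user_agent"] = coarsen_user_agent(record["user_agent"])
    return out


def sanitize_all(records: List[Dict[str, str]]) -> List[Dict[str, object]]:
    return [sanitize(r) for r in records]


if __name__ == "__main__":
    for rec in sanitize_all(SAMPLE_LOGS):
        print(json.dumps(rec))
```

Run it as a script to see the two sample records after sanitisation. The length heuristic is deliberately crude: a 160-character value is masked whether it is a session token or a harmless identifier, which is the right default for a log store that may one day be left open on the internet.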

The platform's Canadian-American owner, Lionsgate Entertainment Corporation, holds the Twilight Saga, Saw, Terminator, The Hunger Games and Divergent franchises.

Attackers can use victims' IP addresses and other device information to mount targeted attacks and deliver malware to their devices. User-agent strings may also disclose the user's operating system and the software it runs, giving attackers a head start in the hunt for exploitable vulnerabilities.

With the growing number of new streaming services, the risk of misconfigurations and data breaches grows as well. Data of this kind can be useful in targeted attacks, especially when combined with other leaked or publicly available information.
