Amazon inadvertently exposed an internal server containing Prime Video viewing habits

Anurag Sen, a security researcher, discovered a database containing Amazon Prime viewing habits on an internal Amazon server that was accessible via the internet. However, because the database was not password-protected, anyone with a web browser could access the data simply by knowing its IP address.

The Elasticsearch database, dubbed "Sauron" (make of that what you will), contained approximately 215 million entries of pseudonymized viewing data, such as the name of the show or movie being streamed, the device on which it was streamed, and other internal data, such as network quality and subscription details, such as whether they are an Amazon Prime customer. The database was first detected as being exposed to the internet on September 30, according to Shodan, a search engine for internet-connected things.

4 views0 comments