An Amazon Prime Video server packed with viewer data was exposed online

Another day, another misconfigured database leaking sensitive customer data to the wider internet. 

This time around, the perpetrator is none other than Amazon, as according to TechCrunch, cybersecurity researcher Anurag Sen recently discovered a major Amazon database, no password protection whatsoever, available to anyone who knew where to look. 

With the help of Shodan – a search engine for internet-connected things, Sen discovered the database, named Sauron, and found it full of Amazon Prime viewing habits.

Deployment error

In total, the database held some 215 million entries of pseudonymized viewing data – meaning while there’s plenty of data on specific customers to learn about their viewing habits, it’s virtually impossible to connect those accounts with actual identities. Sauron contains things such as movie/series name, the device used to stream the content, network quality, customer subscription plan, etc. 

The database was reportedly first detected to be exposed in late September 2022, after which Amazon was tipped off, and removed the system from the wider web.

“There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) were exposed. This was not an AWS issue; AWS is secure by default and performed as designed,” TechCrunch cited Amazon spokesperson Adam Montgomery.

Cloud misconfigurations are nothing new, and researchers have been warning for years that this man-made error is a major cause for data breaches. In fact, a 2021 IBM report claimed 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure. The company polled more than 500 organizations that suffered a data breach for the report, and learned that for half (52%), securing data stored in the public cloud remained a challenge. 

Furthermore, an Accurics report from 2020 claimed “nearly all” cloud storage deployments were misconfigured.

Go to Source