A security analyst found that AMC Networks had accidentally exposed more than 1.6 million records of subscribers of the organization’s two premium streaming video stages, Sundance Now and Shudder. The openly available database incorporated the names and email locations of subscribers just as insights regarding their membership plans. It included in excess of 3,000 invoices handled by Stripe that recorded the last four digits of a client’s credit card.
Notwithstanding the client records, which didn’t contain any full payment information or data that would be viewed as sensitive, the database additionally contained video analytics information gathered by Youbora. There were increasingly 441,943 records that included client IP addresses, nation, city, state, ZIP code, coordinates and insights concerning what gadgets they use to watch streaming substance. The data was proposed to be utilized by supporters however could be gotten to by any individual who found the database.
AMC Networks was cautioned of the issue and has verified the database so it is never again openly available. Notwithstanding, the security scientist who found the exposure—Bob Diachenko of Security Discovery—said AMC didn’t make it simple to reveal the issue. The company’s email addresses for privacy and security topics bounced back messages and the company’s security officers reportedly were unresponsive.
The security analyst blog post reads: “On May 1st I have discovered an unprotected and publicly available MongoDB instance which appeared to contain data related to AMC Networks’ premium streaming offerings – Sundance NOWand Shudder. Although no sensitive information was exposed…”
Image via security discovery