Lionsgate has leaked users’ IP addresses and information about what shows they watch on its streaming platform. While researching the company, Cybernews discovered an unprotected 20GB of server logs containing nearly 30 million entries going back to May 2022. These logs included subscribers’ IP addresses and other information including device type, OS and web browser.
The logs also leaked usage data for the platform which is generally used for analytics and performance tracking. URLs in these logs contained titles and IDs of the content users were watching in addition to search queries.
Finally, the researchers also discovered unidentified hashes with logged HTTP GET requests. They’re not quite sure of the exact purpose or usage of the hashes, that said, the fact that all hashes contained more than 156 characters indicates that they were intended to remain unchanged for an extended period of time.
Luckily, this leaked information hasn’t yet been shared on a hacking forum. However, with the popular clearnet hacking forum BrearchForms being taken down recently, threat actors might be in on the action on dark net hacking forums which are generally harder to find. Nevertheless, the information is still sensitive and can be used to carry out targeted attacks, especially when combined with other leaked or publicly available information.
The user agents in these logs provide information regarding operating systems, browsers and sometimes even screen resolution and size. This is all helpful information for threat actors to customise payloads for specific users and increase their chances of a successful attack.
Lionsgate isn’t the only streaming service to accidentally leak data as well. Researchers also found leaked source code containing internal API documentation, full access credentials and access tokens with full API source code, including a partial app structure for US-based streaming service CarbonTV in 2022. The leak was caused by poor control access to the .git folder.
Another major US-based streaming service Plex also faced an attack in August 23022 where the company noticed suspicious behaviour on one of its servers and asked users to update their passwords as a precaution. START, a major Russian streaming platform also suffered a data breach impacting 44 million users in 2022.