Kanopy streaming service database leaked up to 40 million log entries about movies viewed by users



    The free video streaming service Kanopy exposed a large volume of its users' data. A configuration error in its web log database left the contents publicly accessible without authentication. The leak was discovered by information security researcher Justin Paine.

    According to the researcher, from March 7, between 26 and 40 million log entries from the database could have been publicly accessible.

    What happened


    The Kanopy service enters into agreements with libraries and public organizations to provide users with free access to old films, documentaries and other types of video content.

    The leaked logs contained a large amount of information about users, including geolocation, timestamps, device type, IP address and the URLs of the pages they requested. Paine is sure that all this is enough to reveal the identity of an end user of the service. Potential attackers could also find out what kind of content a person was viewing online.

    The error has now been fixed, and there is no information that anyone tried to use the exposed data for dishonest purposes. At the same time, Paine believes that, depending on what a user watched, potential attackers might attempt blackmail.

    Not only Kanopy


    Leaks of this kind have become more frequent lately. In the spring of 2019, Facebook acknowledged that the passwords of millions of users had been stored in unencrypted form, and last year the Facebook-owned photo service Instagram also experienced a data leak. Game developers at Bethesda have also acknowledged an accidental leak of the personal data of Fallout 76 players.

    During incident investigations and traffic analysis, we regularly find typical configuration errors in information systems and violations of corporate information security regulations. In 9 out of 10 organizations, regardless of their size and scope, we find both passwords transmitted in the clear and the use of remote access utilities. All this seriously increases an attacker's chances of breaking in and developing an attack.

    On Thursday, April 11, at 14:00, during a free webinar, Positive Technologies experts will analyze the most common configuration errors and violations of information security regulations and show how to quickly detect them using the PT Network Attack Discovery traffic analysis system. Attendees will also learn what needs to be done to improve network hygiene in the organization. We invite network administrators, information security experts and their managers, as well as Positive Technologies partners.

    To participate in the webinar, you need to register.
