
Lionsgate streaming platform with 37m subscribers leaks user data | Security Affairs

According to Cybernews’ investigation, entertainment industry giant Lionsgate leaked information about users’ IP addresses and the content they watch on their movie streaming platforms.

Original post: https://cybernews.com/security/lionsgate-data-leak/

During their investigation, researchers discovered that video streaming platform Lionsgate Play leaked user data through a public Elasticsearch instance.

The Cybernews research team uncovered 20 GB of unprotected server logs containing nearly 30 million entries, the oldest dating from May 2022. The logs exposed subscribers’ IP addresses and user data related to devices, operating systems, and web browsers.

The logs also leaked usage data from platforms commonly used for analytics and performance tracking. The URLs found in the logs contain the search queries entered by users, along with the titles and IDs of the content they viewed on the platform.

Researchers also discovered unverified hashes in logged HTTP GET requests, which are records of the requests clients make, usually to fetch data from web servers. When these requests are made, they are stored in a log file on the server.

Researchers have not been able to determine the hashes’ exact purpose or use. However, the hashes all contain 156 characters or more, which indicates that they are intended to remain unchanged for long periods of time.

“The hash did not match commonly used hashing algorithms. Since these hashes are included in HTTP requests, we believe they can be used as secrets or user IDs for authentication,” the researcher said.

Cybernews contacted Lionsgate about the leak, and the company responded by closing the open instance. However, at the time of writing, it had not yet given an official answer.
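The open instance was the root cause, but the logs described above also held more than they needed to. As an added example (not from Cybernews or Lionsgate), this Python filter scrubs a web access log line before it is shipped to a log store: it pseudonymises the IP address, redacts search and content parameters and long opaque values in the URL, and coarsens the user agent. The log format, parameter names, key, 64-character threshold and sample line are assumptions constructed for illustration.

```python
import hashlib, hmac, ipaddress, re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumptions, not from the article: combined-log-style lines, this demo key,
# these parameter names, and the 64-character threshold for opaque tokens.
PSEUDONYM_KEY = b"constructed-demo-key"  # load from a secret store in practice
SENSITIVE_PARAMS = {"q", "query", "search", "title", "content_id"}
LONG_TOKEN = re.compile(r"^[A-Za-z0-9+/=_-]{64,}$")
LINE = re.compile(r'^(?P<ip>\S+) (?P<mid>.*?"(?:GET|POST|HEAD) )(?P<url>\S+)(?P<rest> .*)$')
LAST_QUOTED = re.compile(r'"([^"]*)"\s*$')

def pseudonymise_ip(ip):
    """Keyed hash: events from one client still correlate, the address is not stored."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return "invalid-ip"
    return "ip-" + hmac.new(PSEUDONYM_KEY, ip.encode(), hashlib.sha256).hexdigest()[:16]

def scrub_url(url):
    """Redact search/content parameters and any long opaque value in the query string."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS or LONG_TOKEN.match(v) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(pairs), ""))

def coarsen_user_agent(ua):
    """Keep only a browser family; drop versions, OS build and device details."""
    for family in ("Firefox", "Chrome", "Safari"):  # Chrome UAs also contain "Safari"
        if family in ua:
            return family
    return "other"

def scrub_line(line):
    m = LINE.match(line)
    if not m:
        return "UNPARSED-LINE-DROPPED"  # fail closed rather than index raw text
    rest = LAST_QUOTED.sub(lambda u: '"%s"' % coarsen_user_agent(u[1]), m["rest"])
    return pseudonymise_ip(m["ip"]) + " " + m["mid"] + scrub_url(m["url"]) + rest

# Constructed sample line (documentation IP range, made-up token and parameters).
SAMPLE = ('203.0.113.7 - - [12/May/2022:10:01:02 +0000] "GET /search?q=twilight&page=2&sid='
          + "A" * 160 + ' HTTP/1.1" 200 512 "-" '
          '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/112.0.0.0 Safari/537.36"')

if __name__ == "__main__":
    print(scrub_line(SAMPLE))
```

Scrubbing limits what a future exposure reveals; it does not replace requiring authentication on the log store and keeping it off the public internet.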

Big hitters at risk

Lionsgate Entertainment Corporation, the Canadian-American entertainment company that operates the platform, owns several well-known and globally recognized film and TV franchises, including the Twilight Saga, Saw, Terminator, The Hunger Games, and the Divergent series.

While Netflix is at the forefront of all streaming platforms with over 230 million subscribers, Lionsgate has over 37 million subscribers worldwide and generated $3.6 billion in revenue last year.

Online streaming platforms are growing in popularity due to COVID-19. In 2022, subscriptions to VOD platforms reached 83% in the US, an increase of over 30% over 8 years.

However, the growing number of users on these platforms makes them a tempting target for cybercriminals. Even a minor security hole can cause serious damage, but security is often overlooked. Cybernews’ research is an outstanding example of this trend.

Data can help with cyberattacks

“As the number of new streaming services increases, the risk of misconfigurations and data leaks also increases,” said Cybernews researchers.

According to them, the information leaked in this particular case is not usually shared in the hacker community. Nonetheless, it is still sensitive.

“It can be useful in targeted attacks, especially when combined with other leaked or public information,” the researchers explained.

The combination of a user’s IP address and device data can be exploited by malicious actors to deliver a harmful payload to the device, enabling an attack aimed at that specific user.

User agents can provide attackers with insight into the operating system or services a user is running, helping fraudsters identify potential vulnerabilities that can be exploited for malicious purposes.

The user agent is information about the user’s device operating system, browser and, in some cases, screen resolution and size. It also helps ensure that webpages display correctly on your device.

“Threat actors can cross-reference content viewed by users with their search queries and IP addresses to build more comprehensive profiles of individuals,” the researchers said.

Along with usage data, threat actors can identify patterns of behavior and potentially use this information to create more targeted phishing attacks aimed at stealing personal information.

Take a look at the original post if you want to know about other streaming platforms affected by the data breach: https://cybernews.com/security/lionsgate-data-leak/

About the author: Polina Okunite, Cybernews reporter


Pierluigi Paganini
