Video streaming platform Lionsgate Play exposed sensitive data of millions of users, Cybernews cybersecurity researchers discovered.
The Cybernews team found that Lionsgate’s platform held an unprotected ElasticSearch instance containing 20 GB of server logs with approximately 30 million entries. Some of the data dated back to May 2022 and included the user’s IP address as well as information about the user’s device, operating system and web browser.
Although this is not exactly personally identifiable information, it can still be used by threat actors to conduct intrusions, researchers say.
“It can be useful in targeted attacks, especially when combined with other leaked or public information,” the Cybernews team said in the report.
By knowing the IP address, attackers can deliver custom-built malicious payloads to their targets, they added.
Possible authentication secret
But this wasn’t the only data exposed through the ElasticSearch instance. Usage data such as content titles, IDs, and search queries were also exposed. This data is typically used by analysts to track platform and content performance. In addition, researchers found an unidentified hash stored on the server in logged HTTP GET requests (requests for user-generated data).
The researchers were unable to determine what the hash was used for, but said it was over 156 characters long.
“The hashes did not match any commonly used hashing algorithms. These hashes were included in the HTTP request and could have been used as secrets for authentication or simply as user identities,” the researchers said.
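The two findings above (client IP addresses stored in plain log entries, and long opaque values sitting in logged GET query strings) are both avoidable at the log pipeline. The following is an added example, not code from the article or from Lionsgate, showing one way to scrub such entries before they are indexed: client IPs are reduced to a coarse network prefix that still supports analytics, and any opaque query parameter value at or above an assumed length threshold (64 characters here; the article only says the unidentified value exceeded 156) is flagged and redacted. The log field names and sample values are constructed for the example.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample log entries in the general shape the article describes
# (client IP, device/OS/browser string, content title, search query, raw
# GET request line). Hypothetical values, not data from the exposed instance.
SAMPLE_LOGS = [
    json.dumps({"ip": "203.0.113.42", "ua": "Mozilla/5.0 (Linux; Android 13)",
                "title": "Example Movie", "query": "action movies",
                "request": "GET /api/v1/watch?id=1234&token=" + "a1b2c3d4" * 20}),
    json.dumps({"ip": "2001:db8::7", "ua": "Mozilla/5.0 (Windows NT 10.0)",
                "title": "Example Show", "query": "comedy",
                "request": "GET /api/v1/search?q=comedy"}),
]

# Assumed threshold for "looks like a secret": a long run of opaque characters
# in a query parameter value. Tune to the application's real token format.
SECRET_MIN_LEN = 64
OPAQUE = re.compile(r"^[A-Za-z0-9_\-=.]+$")


def mask_ip(ip):
    """Reduce a client address to a /24 (IPv4) or /48 (IPv6) prefix so logs
    keep coarse geography/ISP signal without identifying the host."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def flag_secrets(request_line):
    """Return the names of query parameters whose value looks like an
    opaque token (long and made only of token-like characters)."""
    parts = request_line.split(" ", 1)
    if len(parts) < 2:
        return []
    query = urlsplit(parts[1]).query
    return [k for k, v in parse_qsl(query, keep_blank_values=True)
            if len(v) >= SECRET_MIN_LEN and OPAQUE.match(v)]


def scrub_entry(raw):
    """Parse one JSON log line and return a copy safe to index:
    masked IP, suspect query values replaced, and a 'flags' list naming
    which parameters were redacted so the pipeline owner can investigate."""
    entry = json.loads(raw)
    out = dict(entry)
    out["ip"] = mask_ip(entry["ip"])
    suspect = flag_secrets(entry["request"])
    if suspect:
        method, target = entry["request"].split(" ", 1)
        u = urlsplit(target)
        params = [(k, "REDACTED" if k in suspect else v)
                  for k, v in parse_qsl(u.query, keep_blank_values=True)]
        out["request"] = f"{method} {u.path}?{urlencode(params)}"
    out["flags"] = suspect
    return out


def scrub_logs(raw_lines):
    """Scrub a batch of raw JSON log lines; this is the function to call
    from the shipper before anything reaches the search index."""
    return [scrub_entry(line) for line in raw_lines]


if __name__ == "__main__":
    for cleaned in scrub_logs(SAMPLE_LOGS):
        print(json.dumps(cleaned))
```

Redacting at the shipper addresses the data-minimisation side; it does not replace authentication and network restrictions on the ElasticSearch instance itself, which is what left the logs reachable in the first place. The `flags` field also gives a cheap detection signal: a sudden rise in flagged parameters usually means a developer started putting credentials or session tokens in GET URLs, which then land in every proxy and server log along the path.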
When contacted by the researchers, Lionsgate responded by closing the exposed instance. However, no official statement has been made yet.
Streaming platforms are popular targets among cybercriminals. Prior to Lionsgate Play, hackers had successfully compromised Plex, START, and Carbon TV.