Amazon by accident uncovered an inner server full of Prime Video viewing habits • TechCrunch

It looks like each different day one other tech startup is caught red-faced spilling reams of information throughout the web due to a lapse in safety. However even for expertise giants like Amazon, it’s straightforward to make errors.

Safety researcher Anurag Sen discovered a database full of Amazon Prime viewing habits saved on an inner Amazon server that was accessible from the web. However as a result of the database was not protected with a password, the info inside might be accessed by anybody with an online browser simply by realizing its IP deal with.

The Elasticsearch database — named “sauron” (make of that what you’ll) — contained about 215 million entries of pseudonymized viewing knowledge, such because the identify of the present or film that’s being streamed, what machine it was streamed on, and different inner knowledge, just like the community high quality, and particulars about their subscription, reminiscent of if they’re a Amazon Prime buyer.

Based on Shodan, a search engine for internet-connected issues, the database was first detected as uncovered to the web on September 30.

Whereas disconcerting that an organization of Amazon’s dimension and wealth may depart such an enormous cache of information on the web for weeks with out anybody noticing, based mostly on our evaluate, the info can’t be used to personally determine clients by identify. However the lapse highlights a standard downside that underpins many knowledge exposures — misconfigured internet-facing servers which might be left on-line with no password for anybody to entry.

Sen supplied particulars of the database in an effort to get the info secured, and TechCrunch handed the data to Amazon out of an abundance of warning. The database was inaccessible a short while later.

“There was a deployment error with a Prime Video analytics server. This downside has been resolved and no account info (together with login or fee particulars) had been uncovered. This was not an AWS challenge; AWS is safe by default and carried out as designed,” mentioned Amazon spokesperson Adam Montgomery.