Amazon Inadvertently Exposed an Internal Server with Prime Video Watching Habits

What happened?

It was recently discovered that Amazon mistakenly disclosed consumers' Prime Video habits. Essentially, there is an internal Amazon database that is crammed with information which was easily available to anyone with access to the IP address. Because this information was not protected with a password or any kind of security measures, TechCrunch states that, “The Elasticsearch database — named “Sauron” — contained about 215 million entries of pseudonymized viewing data” (TechCrunch).

What information was exposed?

There was no account information, such as credentials or payment data, that was exposed to the public. However, the following user information was accessible.

● The movie or show that is being streamed
● Details about the user’s subscription
● What device it was streamed on
● Network quality

How long was the data exposed?

The data was accessible to the public from September 30th until late October. Amazon became aware of this exposure by TechCrunch, where the issue was resolved moments later.

What does this breach mean for businesses?

Although no personal data was taken in this instance, it illustrates a prevalent issue where basic security processes are not adequately applied to protect users' information at the large corporations we trust with our information. This event also demonstrates the necessity for businesses, big or small, to ensure that they have the right security measures in place to protect our clients' and customers' personal information.

The Infiniwiz technical team takes a proactive approach to your network security. Make sure that you stay up to date with data breaches and larger companies you may relate to.