Oct 28, 2022 10:25:00

Amazon mistakenly publishes an internal server filled with prime video viewing habits information

There are many cases where technology-related startups leak a large amount of data that exists on the Internet due to security deficiencies, but not only startups but also large companies like Amazon are affected by data leaks. You can make mistakes. Security researcher

Anurag Sen has reported the discovery of a database full of Prime Video viewing habits stored on Amazon's internal servers accessible over the Internet.

Amazon accidentally exposed an internal server packed with Prime Video viewing habits | TechCrunch
https://techcrunch.com/2022/10/27/amazon-prime-video-server-exposed/

The database on Amazon's internal server that Sen discovered was an Elasticsearch database named 'Sauron'. The database contains approximately 215 million pieces of viewing habit information, including the names of shows and movies distributed on Prime Video, the types of devices used for streaming, user network quality, and details of user contracts. It is said that 10,000 items were saved. Since this database was not password protected, it was possible for anyone to access the data from a web browser just by knowing the IP address.

According to Shodan , a tool that checks for open ports among devices connected to the Internet, it seems that Sauron was first published on the Internet on September 30, 2022.

According to overseas media TechCrunch, it is impossible to identify the customer's name at the individual level using Sauron's data. TechCrunch said, ``It is embarrassing that even a company of the size of Amazon can leave a huge amount of data cache on the Internet for weeks without anyone noticing.'' ``This is a lot of data It highlights the underlying problem of the leak, ``If a server connected to the Internet is mistakenly configured without a password, it will be accessible to anyone.''

In addition, Mr. Sen provided information about Sauron to TechCrunch, and when TechCrunch provided database information to Amazon, it seems that access to Sauron became impossible after a while.

An Amazon spokesperson said, 'A deployment error occurred on our Prime Video Analytics servers. This issue has been resolved and account information, including login and payment details, is no longer exposed. This is not an AWS issue. No, AWS is secure by default and works as designed,' emphasizing that it is not an AWS problem.