It feels like just about every other day another tech startup is caught red-faced spilling reams of data across the internet because of a lapse in security. But even for technology giants like Amazon, it is easy to make mistakes.
Security researcher Anurag Sen identified a database packed with Amazon Prime viewing habits stored on an internal Amazon server that was accessible from the internet. But because the database was not protected with a password, the data inside could be accessed by anyone with a web browser just by knowing its IP address.
The Elasticsearch database, named “Sauron” (make of that what you will), contained about 215 million entries of pseudonymized viewing data, such as the name of the show or film being streamed, what device it was streamed on, and other internal data, like the network quality and details about the viewer's subscription, such as whether they are an Amazon Prime customer.
According to Shodan, a search engine for internet-connected devices, the database was first detected as exposed to the internet on September 30.
While it is disconcerting that a company of Amazon’s size and wealth could leave such a large cache of data on the internet for weeks without anyone noticing, based on our review, the data can’t be used to personally identify customers by name. But the lapse highlights a common problem that underpins many data exposures: misconfigured internet-facing servers that are left online without a password for anyone to access.
Sen provided details of the database in an effort to get the data secured, and TechCrunch passed the information to Amazon out of an abundance of caution. The database was inaccessible a short time later.
“There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) were exposed. This was not an AWS issue; AWS is secure by default and performed as designed,” stated Amazon spokesperson Adam Montgomery.