Amazon Accidentally Exposed Database From Prime Video

Does everyone know what you are watching now on Prime Video? Amazon accidentally exposed a database, according to a security researcher.

A security researcher named Anurag Sen found an unsecured database containing Amazon Prime viewing history on an internal Amazon server. Because the database wasn’t encrypted, anyone who knew its IP could access the information. Amazon Accidentally Exposed

The Elasticsearch database called Sauron contained about 215 million entries, including the names of shows and movies being watched, which devices were used to manage them, and other internal data such as network speeds and whether someone had subscribed to Amazon Prime Video.

As per Shodan, an online service that searches for devices connected to the web, the database was first discovered to be publicly available.

It was disturbing that a company of Amazon’s size and fortune could allow so much sensitive customer information to remain accessible on the web for weeks without anyone noticing.

Who was affected after Amazon accidentally exposed the data?

However, after reviewing the incident, we found no evidence that the exposed information could be used to personally ID customers by their names. But the lapse reveals a common issue that underlies many security lapses involving unsecured public-facing servers left online with no password for anyone to access.

“We’re sorry for any inconvenience caused by this incident,” said Amazon spokesperson Adam Montgomery.” This was not an AWS issue. We perform our cloud security audits regularly and found nothing suspicious.”

While the database exposed around 2.15 million viewing habits to anyone accessing the IP addresses, the leaked databases did not contain the personal information belonging to individuals who had used the service. When Amazon learned of the leak, it quickly made them unavailable.