Video streaming platform Lionsgate Play uncovered delicate information on thousands and thousands of its customers, cybersecurity researchers from Cybernews discovered.

The web site’s workforce discovered (opens in new tab) Lionsgate’s platform stored an unprotected ElasticSearch occasion, containing 20GB of server logs with roughly 30 million entries. A number of the information dates again to Might 2022, and included consumer IP addresses in addition to info on consumer gadgets, working programs, and net browsers. 

Whereas this isn’t precisely personally identifiable info (opens in new tab), it may nonetheless be utilized by menace actors to conduct intrusions, the researchers mentioned.

Attainable authentication secrets and techniques

“It may be helpful in focused assaults, particularly when mixed with different leaked or publicly out there info,” Cybernews’ workforce mentioned in its report.

By figuring out the IP addresses, the attackers can ship custom-built malicious payloads to the targets, they added.

However this isn’t the one information that was leaked through ElasticSearch. Utilization information, comparable to content material titles, IDs, and search queries, had been additionally leaked. This information is often utilized by analysts to trace the platform’s and content material’s efficiency. Moreover, researchers found unidentified hashes with logged HTTP GET requests, that are user-made requests for information, saved on the server.

Whereas the researchers couldn’t say what the hashes are used for, they did say they comprise greater than 156 characters, that means they had been supposed to remain unchanged for lengthy. 

“Hashes didn’t match any generally used hashing algorithms. Since these hashes had been included within the HTTP requests, we imagine they may have been used as secrets and techniques for authentication, or simply consumer IDs,” mentioned researchers.

When reached out to by the researchers, Lionsgate responded by closing the open occasion. Nonetheless, an official assertion is but to be made. 

Streaming platforms are well-liked targets amongst cybercriminals. Earlier than Lionsgate Play, hackers managed to breach Plex, START, and Carbon TV.

• Try the perfect password managers (opens in new tab) proper now