Viacom is an American popular multinational media company with concerns primarily in cinema and cable television.
On August 30th, 2017, a security researcher from California-based cyber resiliency firm UpGuard has found a publicly downloadable Amazon Web Services S3 cloud storage bucket, found at the subdomain “mcs-puppet” and containing about a gigabyte’s worth of credentials and configuration files (72 .tgz files) for the backend of dozens of Viacom properties.
The researcher said that each of the .tgz files, an extension usually used for compressing backup data, had been created since June 2017 at irregular intervals.
According to researchers:
“Perhaps most damaging among the exposed data are Viacom’s secret cloud keys, an exposure that, in the most damaging circumstances, could put the international media conglomerate’s cloud-based servers in the hands of hackers. Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies.”
it is unclear whether attackers were capable of exploiting this data to access critical files belonging to Viacom and the firms it owns, the company said that there’s no evidence anyone had abused its data.
The researchers have contacted Viacom privately and now all the credentials have been changed.