AMC Exposed Subscribers Database Containing 1.6 Million Records

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

Another security incident makes it to the news that risks more than a million individuals. Allegedly, AMC Networks left 1.6 million records online on an unsecured MongoDB instance. Inadvertently, AMC exposed subscribers database related to its streaming platforms Sundance Now and Shudder.

AMC Exposed Subscribers Database Publicly

According to a discovery by Bob Diachenko, AMC exposed subscribers database inadvertently on an unsecured MongoDB instance. As per his findings reported in his blog post, the firm allegedly left 1.6 million records of its subscribers online.

He found an unsecured MongoDB instance on May 1, 2019, that had information related to the subscribers of streaming services Sundance NOW and Shudder. Precisely he found 1,615,360 records containing names and email addresses of subscribers. Furthermore the data also included details about subscription plans such as sign-up dates, billing dates, account status, country, etc.

In addition to these details, the researcher also found other information in the database. As stated in the blog post, these include,

3,351 links to Stripe invoices, with names, emails and last 4 digits of credit card.

Youbora (video analytics and business intelligence for broadcasters), (441,943 records), collected on users, such as users’ IP, country, city, state, zip, coordinates plus details on streaming devices, metadata etc.

Links to internal catalogue data and other metadata info.

In a response to his tweet, he confirmed that the database included records from 2016 to 2019.

Access To Database Now Closed

After this discovery, Bob Diachenko made a number of attempts to contact the firm and report the matter. However, all his efforts failed due to restrictions by AMC Networks on email recipients.

Nonetheless, he later gained assistance from Zack Whittaker of TechCrunch, after which he found the database closed down. AMC also acknowledged their report with the following statement,

“We became aware of an issue regarding access to an internal development database, which was primarily used for catalogue data along with certain other non-sensitive subscriber information, and we immediately took action to close off this access. We are taking steps to make sure this doesn’t happen again.”

Prior to to this incident, Diachenko also reported about an unsecured MongoDB belonging to Iranian ride-hailing app. The exposed database included sensitive information about Iranian drivers.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!