[BreachExchange] AMC accidentally exposed data on 1.6 million subscribers

Destry Winant destry at riskbasedsecurity.com
Mon May 6 10:04:43 EDT 2019


https://www.engadget.com/2019/05/03/amc-sundance-now-shudder-subscriber-exposed-database/

A security researcher discovered that AMC Networks had inadvertently
exposed more than 1.6 million records of subscribers to the company's
two premium streaming video platforms, Sundance Now and Shudder. The
publicly accessible database included the names and email addresses of
subscribers as well as details about their subscription plans. It
included more than 3,000 invoices processed by Stripe that listed the
last four digits of a user's credit card.

In addition to the user records, which didn't contain any full payment
data or information that would be considered sensitive, the database
also contained video analytics data collected by Youbora. There were
more than 441,943 records that included user IP addresses, country, city,
state, ZIP code, location coordinates and details about what devices
they use to watch streaming content. The information was intended to
be used by broadcasters but could be accessed by anyone who discovered
the database.

AMC Networks was alerted to the issue and has secured the database so
it is no longer publicly accessible. However, the security researcher
who discovered the exposure—Bob Diachenko of Security Discovery—said
AMC didn't make it easy to disclose the issue. The company's email
addresses for privacy and security topics bounced back messages and
the company's security officers reportedly were unresponsive.

