New unprotected MongoDB instance found leaking over 1 million records of AMC Networks
- The affected video platforms are Sundance Now and Shudder.
- The unguarded database contained 1,615,360 records related to AMC Networks’ subscribers.
An unprotected MongoDB database has exposed more than 1 million records of two premium streaming video platforms belonging to AMC Networks. The affected video platforms are Sundance Now and Shudder.
In a detailed report, security researcher, Bob Diachenko, mentioned that he had discovered the publicly accessible MongoDB database on May 1, 2019. The unguarded database contained 1,615,360 records related to AMC Networks’ subscribers.
What data is exposed?
The information exposed in the leak includes:
- Names, email addresses and subscription plan details of Sundance Now and Shudder subscribers;
- 3,351 links to Stripe invoices, with names, emails and last 4 digits of a credit card;
- Video analytics data collected by Youbora. There were nearly 441,943 records that included user IP addresses, country, city, state, ZIP code, location coordinates and details of streaming devices;
- Links to internal catalog data and other metadata info.
How has AMC Networks responded?
AMC Networks has been alerted about the issue. It has issued a statement following the discovery.
“We became aware of an issue regarding access to an internal development database, which was primarily used for catalogue data along with certain other non-sensitive subscriber information, and we immediately took action to close off this access. We are taking steps to make sure this doesn’t happen again,” the company told the security researcher.
Meanwhile, the company has secured the unprotected database. It is no longer available to the public.