Amazon Prime Viewing Data Leaked by Accident

It seems like a security lapse causes another Internet business to be caught red-handed spewing reams of data on the internet every other day. But mistakes are common, even for industry leaders like Amazon. Anurag Sen, a security researcher, discovered an internet-accessible database on an internal Amazon server that contained information about Amazon Prime watching patterns. However, since the database was not password-protected, anyone with a web browser could view its contents by simply knowing its IP address. Additionally, the "Sauron" Elasticsearch database held about 215 million entries of pseudonymized viewing information, including the title of the streamed show or movie, the device it was viewed on, and other internal information like the network's performance and specifics about their subscription, like whether they are an Amazon Prime subscriber. Furthermore, the database was discovered to be online for the first time on September 30 according to Shodan, a search engine for internet-connected items. And even though it's unsettling that a company with Amazon's size and resources could keep such a sizable data cache online for weeks without anybody knowing, our study indicates that the information cannot be utilized to specifically identify any particular client. The error, however, brings attention to a widespread issue that frequently leads to data exposures - incorrectly set up internet-facing servers that are left online without a password for public access. What's more Sen gave information about the database in an effort to secure the information, which a source forwarded to Amazon. But, a little while afterward, the database was unreachable. "There was a deployment error with a Prime Video analytics server. This problem has been resolved and no account information (including login or payment details) was exposed. This was not an AWS issue; AWS is secure by default and performed as designed," according to Amazon spokesperson Adam Montgomery.