Lionsgate Streaming Platform Leaks Data of 37 Million Users

Lionsgate Play, a popular video streaming platform, has recently been found to have exposed sensitive data on millions of its users. Cybersecurity researchers from Cybernews discovered that the platform had kept an unprotected ElasticSearch instance, which contained 20GB of server logs with approximately 30 million entries. Some of this data even dates back to May 2022 and includes user IP addresses, as well as information on user devices, operating systems, and web browsers.

While this may not be considered personally identifiable information, it can still be used by threat actors to conduct intrusions. The researchers noted that this data could be useful in targeted attacks, especially when combined with other leaked or publicly available information. By knowing the IP addresses, attackers can deliver custom-built malicious payloads to their targets.

However, the data leak doesn’t stop there. Usage data, such as content titles, IDs, and search queries, were also leaked. This type of data is typically used by analysts to track the platform’s and content’s performance. Additionally, researchers discovered unidentified hashes with logged HTTP GET requests, which are user-made requests for data stored on the server.

While the researchers couldn’t determine what the hashes were used for, they did note that they contained more than 156 characters, indicating that they were supposed to remain unchanged for a long time. The researchers suggested that these hashes could have been used as secrets for authentication or just user IDs.

After being contacted by the researchers, Lionsgate responded by closing the open instance. However, an official statement has yet to be made.

Unfortunately, streaming platforms are popular targets among cybercriminals. Prior to Lionsgate Play’s data leak, hackers managed to breach Plex, START, and Carbon TV. These incidents highlight the need for increased cybersecurity measures to protect user data.

To prevent similar incidents from happening in the future, companies must prioritize cybersecurity and implement robust security protocols. This includes regularly updating software and systems, conducting regular security audits, and providing employee training on cybersecurity best practices.

It’s also important for users to take steps to protect their personal information online. This includes using strong passwords, enabling two-factor authentication whenever possible, and being cautious when sharing personal information online.

In conclusion, the recent data leak at Lionsgate Play serves as a reminder of the importance of cybersecurity in today’s digital age. Companies must take proactive steps to protect user data, while users must also take responsibility for protecting their own personal information online. By working together, we can create a safer and more secure online environment for everyone.