Lionsgate Play, the video-streaming platform owned by Lionsgate Entertainment Corporation, has leaked user data through an open Elasticsearch instance, according to research by Cybernews.
The unprotected 20GB of server logs held 30 million entries, the oldest dated May 2022, and exposed subscribers’ IP addresses, device data and the usage data collected for analytics and performance tracking.
The leaked URLs contained the titles and IDs of content users watched on the platform, along with search queries entered by the users.
Researchers also found unidentified hash values inside the logged HTTP GET requests; depending on how the platform uses them, these could be authentication secrets or user identifiers.
Cybernews contacted Lionsgate about the leak, and the company responded by closing the open instance, but has yet to provide an official response.
Lionsgate has over 37 million global subscribers and generated $3.6 billion in revenue last year.
The data could aid targeted attacks, especially when combined with other leaked or publicly available information: user-agent strings reveal device models, operating systems and app versions, which an attacker can match against known vulnerabilities for those versions.
As the number of users on streaming platforms increases, they become a tempting target for cybercriminals.
Even minor security loopholes might cause serious damage, yet security is often overlooked. According to Cybernews, the leaked information in this particular case is not typically shared in hacker communities, but it is still sensitive.
Threat actors can cross-reference a user’s search queries and viewed content with their IP address to build a more comprehensive profile of the individual.
Along with usage data, this can identify patterns of behaviour, which can be used to craft more accurate, targeted phishing attacks aimed at stealing personal information.
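To make the cross-referencing risk concrete, and to show the log-hygiene step a platform operator would apply before shipping request logs to an analytics store, the following is an added Python example; it is not code from Cybernews or Lionsgate. The log entries are constructed to match the fields the article describes (client IP, user agent, and GET URLs carrying content titles and IDs, search queries and opaque hash-like parameters), and the heuristic for "secret-looking parameter" (a known parameter name or a hex string of 32 or more characters) is an assumption.

```python
import hashlib
import ipaddress
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample entries in the shape the article describes; not real Lionsgate data.
SAMPLE_LOGS = [
    {"ip": "203.0.113.45",
     "ua": "Mozilla/5.0 (Linux; Android 9; SM-G960F) AppleWebKit/537.36",
     "request": "GET /v1/watch?title=Example%20Drama&id=10421"
                "&token=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
    {"ip": "203.0.113.45",
     "ua": "Mozilla/5.0 (Linux; Android 9; SM-G960F) AppleWebKit/537.36",
     "request": "GET /v1/search?q=thriller+2022"},
    {"ip": "198.51.100.7",
     "ua": "ExampleApp/3.1 (iPhone; iOS 15.4)",
     "request": "GET /v1/watch?title=Example%20Comedy&id=2210"
                "&sig=5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"},
]

# Assumption: these parameter names, or any 32+ character hex value, are treated as secrets.
SECRET_PARAM_NAMES = {"token", "sig", "key", "auth", "session"}
HEX_SECRET = re.compile(r"^[0-9a-f]{32,}$", re.IGNORECASE)


def parse_request(line):
    """Split 'GET /path?a=b' into (method, path, {param: first value})."""
    method, _, target = line.partition(" ")
    parts = urlsplit(target)
    return method, parts.path, {k: v[0] for k, v in parse_qs(parts.query).items()}


def find_secret_params(params):
    """Names of query parameters that look like authentication material."""
    return sorted(k for k, v in params.items()
                  if k.lower() in SECRET_PARAM_NAMES or HEX_SECRET.match(v))


def build_profiles(logs):
    """Attacker-side view: tie titles, searches and devices together by client IP,
    which is exactly the linkage the article warns about."""
    profiles = defaultdict(lambda: {"titles": [], "searches": [], "agents": set(), "secrets": 0})
    for entry in logs:
        _, _, params = parse_request(entry["request"])
        profile = profiles[entry["ip"]]
        profile["agents"].add(entry["ua"])
        if "title" in params:
            profile["titles"].append(params["title"])
        if "q" in params:
            profile["searches"].append(params["q"])
        profile["secrets"] += len(find_secret_params(params))
    return dict(profiles)


def scrub(entry, salt):
    """Defender side: pseudonymise the IP, coarsen the user agent and drop secret-looking
    parameters, so usage data can still be analysed but not tied back to a person."""
    ip = ipaddress.ip_address(entry["ip"])
    # Keyed hash: the same client still correlates within one log set, but the
    # address cannot be recovered without the salt, which is kept out of the log store.
    pseudo_ip = hashlib.sha256(salt + ip.packed).hexdigest()[:16]
    method, path, params = parse_request(entry["request"])
    for name in find_secret_params(params):
        params[name] = "REDACTED"
    # Keep only the product token (e.g. "Mozilla/5.0"); device model and OS version go.
    ua_family = entry["ua"].split(" ", 1)[0]
    request = f"{method} {path}?{urlencode(params)}" if params else f"{method} {path}"
    return {"ip": pseudo_ip, "ua": ua_family, "request": request}


if __name__ == "__main__":
    for ip, profile in build_profiles(SAMPLE_LOGS).items():
        print(ip, profile)
    for entry in SAMPLE_LOGS:
        print(scrub(entry, b"per-deployment-secret-salt"))
```

The design choice is to leave content titles and search terms in place for analytics and remove only the identifiers (raw IP, full user agent, hash-like tokens) that let those records be linked to an individual; the keyed hash keeps one client's requests correlatable for performance tracking without storing an address that can be matched against other leaks.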