Viacom Left Sensitive Information Together With Surreptitious Access Telephone Commutation On Unsecured Amazon Server

Viacom—the pop amusement in addition to media companionship that owns Paramount Pictures, Comedy Central, MTV, in addition to hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.

H5N1 safety researcher working for California-based cyber resiliency theatre UpGuard has of late discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing some a gigabyte's worth of credentials in addition to configuration files for the backend of dozens of Viacom properties.

These exposed credentials discovered yesteryear UpGuard researcher Chris Vickery would get got been plenty for hackers to get got downward Viacom's internal information technology infrastructure in addition to cyberspace presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures in addition to Nickelodeon.

Among the information exposed inward the leak was Viacom's master copy fundamental to its Amazon Web Services account, in addition to the credentials required to ready in addition to keep Viacom servers across its many subsidiaries in addition to dozens of brands.

"Perhaps virtually damaging with the exposed information are Viacom's hugger-mugger cloud keys, an exposure that, inward the virtually damaging circumstances, could position the international media conglomerate's cloud-based servers inward the hands of hackers," an UpGuard weblog postal service says. 

"Such a scenario could enable malicious actors to launch a host of damaging attacks, using the information technology infrastructure of 1 of the world's largest broadcast in addition to media companies."

In other words, the access fundamental in addition to hugger-mugger fundamental for the company's AWS trouble organization human relationship would get got allowed hackers to compromise Viacom's servers, storage, in addition to databases nether the AWS account.

According to the analysis performed yesteryear UpGuard, a number of cloud instances used inside the media company's information technology toolchain, including Docker, Splunk, New Relic, in addition to Jenkins, could get got "thus been compromised inward this manner."

In improver to these damaging leaks, the unprotected server also contained GPG decryption keys, which tin live on used to unlock sensitive data. However, the server did non incorporate whatsoever client or employee information.

Although it is unclear whether hackers were able to exploit this information to access of import files belonging to Viacom in addition to the firms it owns, the media giant said there's no evidence anyone had abused its data.

"We get got analyzed the information inward enquiry in addition to determined in that place was no cloth impact," the companionship said inward a statement.

"Once Viacom became aware that information on a server—including technical information, simply no employee or client information—was publicly accessible, nosotros rectified the issue."

All the credentials get got straightaway been changed after UpGuard contacted Viacom executives privately, in addition to the server was secured presently afterwards.

This is non the outset fourth dimension when Vickery has discovered a company's sensitive information stored on an unprotected AWS C3 server.

Vickery has previously tracked downward many exposed datasets on the Internet, including personal details of over 14 1000000 Verizon customers, a cache of 60,000 documents from a U.S.A. military, information of over 191 Million U.S.A. voter records, in addition to 13 Million MacKeeper users.

Share This :