Free movie streaming site Kanopy announced that they have suffered a significant data leak Due to an unprotected web log database, which could be publicly accessed without authentication of any kind.
The exposed data contained a great deal of information about the people who use the service to stream content.
Geolocation, timestamp, device type, IP address, and the URLs of accessed files were all part of the available records.
It was found that the data compromised was detailed enough that, “it likely would have been possible to identify the identity of a person,” and figure out what that person had been watching online.
It’s unclear if the leaked data has been put to any malicious use, but the company thinks the possibility exists.
TPRM report: https://scoringcyber.rankiteo.com/company/kanopy
"id": "kan8712323",
"linkid": "kanopy",
"type": "Data Leak",
"date": "03/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Streaming Service',
'name': 'Kanopy',
'type': 'Company'}],
'attack_vector': 'Unprotected Web Log Database',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Geolocation',
'Timestamp',
'Device Type',
'IP Address',
'URLs of Accessed Files']},
'description': 'Free movie streaming site Kanopy suffered a significant data '
'leak due to an unprotected web log database, which could be '
'publicly accessed without authentication.',
'impact': {'data_compromised': ['Geolocation',
'Timestamp',
'Device Type',
'IP Address',
'URLs of Accessed Files'],
'identity_theft_risk': True},
'title': 'Kanopy Data Leak',
'type': 'Data Leak',
'vulnerability_exploited': 'Lack of Authentication'}