lionsgate
The video-streaming service Lionsgate Play was found to have exposed user information via an exposed ElasticSearch instance, the researchers found during their examination.
The Cybernews research team found 20GB of server logs that were not password-protected and comprised about 30 million entries. These records revealed subscribers' IP addresses as well as user information about device, operating system, and web browser.
The platform's usage information, which is generally used for analytics and performance monitoring, was also exposed by logs. The names and IDs of the content that users watched on the site were located in URLs that were discovered in logs, coupled with the search terms that users used.
Researchers also discovered unidentified hashes with HTTP GET request records, which are records of requests made by clients and typically used to obtain data from servers and are maintained in log files on the server.
Source: https://securityaffairs.com/143886/security/lionsgate-data-leak.html
"id": "LIO4221023",
"linkid": "lionsgate",
"type": "Data Leak",
"date": "03/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"