cyber Breach

Viacom

Dec 10, 2023 1 min read
Viacom

Hackers were given a gift when media company Viacom put private information and a secret access key in an unprotected Amazon AWS S3 bucket.

Seventy-two compressed.tgz files were found in the Amazon AWS S3 bucket under the name "MCS," which seems to be the name of Viacom's Multiplatform Compute Services division, which manages the company's IT infrastructure.

A gigabyte's worth of configuration data and login passwords for the backend of several Viacom properties were made public via the cloud storage.

The integrity of Viacom's digital infrastructure was seriously jeopardised when the keys to a media kingdom were left openly available on the internet, according to analysis of the Viacom breach.

Source: https://securityaffairs.com/63201/data-breach/viacom-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/viacom

"id": "via228111223",
"linkid": "viacom",
"type": "Breach",
"date": "09/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Media',
                        'name': 'Viacom',
                        'type': 'Media Company'}],
 'attack_vector': 'Unprotected Amazon AWS S3 Bucket',
 'data_breach': {'file_types_exposed': ['Compressed .tgz Files'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Configuration Data',
                                              'Login Passwords']},
 'description': 'Hackers were given a gift when media company Viacom put '
                'private information and a secret access key in an unprotected '
                'Amazon AWS S3 bucket. Seventy-two compressed.tgz files were '
                "found in the Amazon AWS S3 bucket under the name 'MCS,' which "
                "seems to be the name of Viacom's Multiplatform Compute "
                "Services division, which manages the company's IT "
                "infrastructure. A gigabyte's worth of configuration data and "
                'login passwords for the backend of several Viacom properties '
                'were made public via the cloud storage. The integrity of '
                "Viacom's digital infrastructure was seriously jeopardised "
                'when the keys to a media kingdom were left openly available '
                'on the internet, according to analysis of the Viacom breach.',
 'impact': {'data_compromised': ['Configuration Data', 'Login Passwords'],
            'systems_affected': ['Backend of Several Viacom Properties']},
 'initial_access_broker': {'entry_point': 'Unprotected Amazon AWS S3 Bucket'},
 'post_incident_analysis': {'root_causes': 'Misconfiguration of AWS S3 Bucket'},
 'title': 'Viacom AWS S3 Bucket Data Leak',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Misconfiguration'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.