Click to Skip Ad
Closing in...
  1. Prime Day Deals
    07:58 Deals

    Amazon has 10 new early Prime Day deals you need to see to believe

  2. Best Kitchen Gadgets
    08:33 Deals

    Amazon shoppers are obsessed with this $23 gadget that should be in every kitchen

  3. Amazon Echo Auto Price
    09:43 Deals

    Amazon’s $50 Echo Auto adds Alexa to your car – today it’s only $15

  4. Viral Tiktok Videos
    12:38 Deals

    We can’t believe how smart this $7 toothpaste tube hack is from Amazon

  5. Prime Day 2021 Deals
    11:28 Deals

    5 best Prime Day deals you can already get today

Media giant Viacom dodges bullet over massive security breach

September 19th, 2017 at 5:54 PM
Viacom data leak security firm UpGuard

Viacom, the media conglomerate that owns Paramount, Comedy Central, MTV, and hundreds of other properties, has had a giant security flaw exposed by a security firm. The good news is that hackers don’t appear to have taken advantage of the weakness; the bad news is that credentials and configuration files for the backend of dozens of media properties was up for grabs on a vulnerable server.

According to UpGuard, the security firm that exposed the breach, a researcher found compressed backup files sitting on a publicly accessible Amazon Web Services storage bucket. The files contained details on Viacom’s Multiplatform Compute Services, the infrastructure behind hundreds of Viacom’s online properties. If that data had been found by someone with worse intentions, the consequences could have been catastrophic.

An UpGuard blog post details how the vulnerability was easily found:

On August 30th, 2017, UpGuard Director of Cyber Risk Research Chris Vickery discovered a publicly downloadable Amazon Web Services S3 cloud storage bucket, located at the subdomain “mcs-puppet” and containing seventy-two .tgz files. Vickery noted that each of the .tgz files, an extension often used for compressing backup data, had been created since June 2017 at irregular intervals; on some days, no such files had been created, while on others, five or six had been generated throughout the day.

It gets worse:

Exposed within this repository are not only passwords and manifests for Viacom’s servers, data needed to maintain and expand the IT infrastructure of an $18 billion multinational corporation, but perhaps more significantly, Viacom’s access key and secret key for the corporation’s AWS account. By exposing these credentials, control of Viacom’s servers, storage, or databases under the AWS account could have been compromised. Analysis reveals that a number of cloud instances used within Viacom’s IT toolchain, including Docker, New Relic, Splunk, and Jenkins, could’ve thus been compromised in this manner.

Vickery contacted Viacom executives privately, shortly after discovering the breach, and the server was secured shortly afterwards. It’s a timely — and worrying! — reminder that data breaches don’t have to contain millions of personal files to be damaging; a gigabyte of passwords and config files can be just as bad as hundreds of millions of SSNs.

Popular News