H5N1 safety researcher working for California-based cyber resiliency trouble solid UpGuard has late discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing approximately a gigabyte's worth of credentials too configuration files for the backend of dozens of Viacom properties.
These exposed credentials discovered past times UpGuard researcher Chris Vickery would direct hold been plenty for hackers to direct hold downwards Viacom's internal information technology infrastructure too cyberspace presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures too Nickelodeon.
Among the information exposed inwards the leak was Viacom's master copy cardinal to its Amazon Web Services account, too the credentials required to cook too keep Viacom servers across its many subsidiaries too dozens of brands.
"Perhaps virtually damaging amid the exposed information are Viacom's hush-hush cloud keys, an exposure that, inwards the virtually damaging circumstances, could position the international media conglomerate's cloud-based servers inwards the hands of hackers," an UpGuard spider web log postal service says.
"Such a scenario could enable malicious actors to launch a host of damaging attacks, using the information technology infrastructure of i of the world's largest broadcast too media companies."In other words, the access cardinal too hush-hush cardinal for the company's AWS trouble organisation human relationship would direct hold allowed hackers to compromise Viacom's servers, storage, too databases nether the AWS account.
In add-on to these damaging leaks, the unprotected server also contained GPG decryption keys, which tin ship away endure used to unlock sensitive data. However, the server did non incorporate whatever client or employee information.
Although it is unclear whether hackers were able to exploit this information to access of import files belonging to Viacom too the firms it owns, the media giant said there's no prove anyone had abused its data.
"We direct hold analyzed the information inwards enquiry too determined at that topographic point was no cloth impact," the companionship said inwards a statement.All the credentials direct hold instantly been changed after UpGuard contacted Viacom executives privately, too the server was secured soon afterwards.
"Once Viacom became aware that information on a server—including technical information, exactly no employee or client information—was publicly accessible, nosotros rectified the issue."
This is non the start fourth dimension when Vickery has discovered a company's sensitive information stored on an unprotected AWS C3 server.
Vickery has previously tracked downwards many exposed datasets on the Internet, including personal details of over 14 meg Verizon customers, a cache of 60,000 documents from a States military, information of over 191 Million States voter records, too 13 Million MacKeeper users.
