Do you watch movies on Prime Video? So anyone could check your information on the Internet. You said you wouldn’t touch the power of the Ring? Sauron saw you looking.
Amazon Security Breach. Discovered “Sauron”!
Lately, we’ve been finding time and time again that big (like Facebook) and smaller (like Uber) tech corporations are slipping out of our hands (and artists out of our music). This time the Amazon woke up and smelled the intense smell of ammonia while wiping his face. A huge database of user habits has emerged on the web.
Anurag Sen, a security researcher, discovered a database on an internal Amazon server that could be accessed directly from the Internet. The database was not protected by any password, so anyone who knew the IP address could access it. The data set is titled “Sauron” which, as most probably know, is the name of the main villain of The Lord of the Rings. It is ironic in the context of the recent premiere of the last episodes of the first season of The Rings of Power and the controversy surrounding the identity of this character in the Amazon series (in addition to the controversy surrounding the entire production).
Shodan search engine reports that this database was created for the first time available online September 30, so access to it exists for about a month. Of course, after Anurag Sen’s application, the base was immediately secured by Amazon.
What did Sauron set his eye on?
The database contained approximately 215 million entries about user nicknames, watched programs or movies and the devices they were broadcast to. You can also find privileged information such as a user’s network quality and subscription details.
The amount of data left unprotected by Amazon may be worrying, but an analysis by TechCrunch shows that based on the data contained in “Sauron”, it was not possible to identify Amazon customers by name. However, this highlights the serious problem of poorly configured servers remaining online without a password. Amazon spokesman Adam Montgomery released a statement:
An error occurred while deploying the Prime Video analytics server. This issue has been resolved and no account information (including login and payment information) has been released