A database containing viewing habits of Amazon Prime Video users, stored on an internal Amazon server, was accidently exposed online that could be accessed by anyone with a web browser.
Cyber-security researcher Anurag Sen found the database with Amazon Prime viewing habits stored on an internal Amazon server that was accessible online.
TechCrunch reported that according to search engine Shodan, the database was first detected as exposed to the internet on September 30.
“But because the database was not protected with a password, the data within could be accessed by anyone with a web browser just by knowing its IP address,” the report noted.
The database had nearly 215 million entries of viewing data, such as the name of the show or movie that is being streamed, what device it was streamed on, and other internal data.
The Amazon Prime Video database was later removed from Internet.
An Amazon spokesperson told TechCrunch that there was a “deployment error with a Prime Video analytics server”.
“This problem has been resolved and no account information (including login or payment details) were exposed. This was not an AWS issue; AWS is secure by default and performed as designed,” the spokesperson added.
In its latest Q3 earnings call, the company said that ‘The Lord of the Rings: The Rings of Power’, attracted more than 25 million global viewers on its first day, the biggest debut in Prime Video history, and closing in on 100 million viewers to date.
It also kicked off the inaugural season of Prime Video as the exclusive home of NFL Thursday Night Football with more than 15 million viewers for its first game.