Cybersecurity researchers cybernews report that the media company Lionsgate data leak has occurred IP– addresses of users and information about the content they are viewing.

The breach concerns video streaming platform Lionsgate Play, which left an instance of the ElasticSearch database with user data open. Experts found 20 GB of unprotected server logs (logs), which contained almost 30 million entries, the oldest of which is dated May 2022.

• IP addresses of users of the service and information about their devices, operating system and web browser;
• platform usage data that is commonly used for analytics and performance tracking;
• URLs containing the titles and identifiers of the content that users viewed on the platform, as well as search queries entered by users;
• unidentified hashes with registered HTTP GET requests. Because these hashes were included in HTTP requests, they could be used as authentication secrets or simply user IDs.

Following Cybernews’ disclosure of the data, Lionsgate shut down the ElasticSearch instance. Cybernews experts have confirmed that the Lionsgate information leak does not spread on hacker forums.

Expanded logs

The combination of user IP addresses and device data can be used by attackers to launch targeted attacks to deliver malware to devices. User agents (Useragent) could provide cybercriminals with information about what OS the user is using, helping scammers identify potential vulnerabilities that can be used for malicious purposes.

Along with usage data, attackers can identify victim behavior patterns to develop more targeted spear phishing attacks to steal personal information.