AMC Networks inadvertently left the information of 1.6 million subscribers to its Sundance Now and Shudder streaming services exposed.
1,615,360 records with subscribers’ information — such as names, emails, and subscription plan details — related to the two services were found in an unprotected and publicly available database by Bob Diachenko, a cyber-threat intelligence director at Security Discovery Consulting, who brought light to the issue in a blog post on Friday.
AMC Networks did not immediately respond to request for comment
[contextual-link post_id=”3884556” title=”Also Read” link_title=”How to Advocate for Equal Pay: ‘Stand in Your Success’ (All Things Video Podcast)” target=””
The data did not include full credit card numbers but did include 3,351 links to invoices, with names, emails and the last four digits of users’ credit cards. The document also contained video analytics and business intelligence for broadcasters collected on users, such as users’ IP, country, city, state, zip, coordinates, plus details on streaming devices and metadata.
AMC Networks has since shut off public access to the database.
“We became aware of an issue regarding access to an internal development database, which was primarily used for catalogue data along with certain other non-sensitive subscriber information, and we immediately took action to close off this access,” the company said in a statement to Security Discovery Consulting. “We are taking steps to make sure this doesn’t happen again.”