Names, emails, and subscription plan details of Sundance NOW and Shudder subscribers were found unprotected in a publicly available company database on May 1st. Although the AMC Networks customer information was non-sensitive, it took 24 hours, several bounced emails, and an intervention by a member of the press for the company to respond. A cyber-threat intelligence director named Bob Diachenko details the steps he took to alert the company on his blog. His remarks conveyed surprise about the lack of a concrete incident response process.
- 1,615,360 subscriber records containing names, emails, and streaming service subscription plan details
- More than 3,000 invoices with names, emails, and the last 4 digits of their credit card
- Business and video analytic records from Youbora collected on 441,943 users, including their IP addresses, city, state, zip and streaming details.
- Internal AMC Networks catalogue data and metadata.
AMC took down the exposed information as soon as officials received the alert. The response was quick and appropriate after the failure of the original notification process delayed action. They issued the following statement in response to the incident. “We became aware of an issue regarding access to an internal development database, which was primarily used for catalogue data along with certain other non-sensitive subscriber information, and we immediately took action to close off this access,” the company said in a statement to Diachenko at Security Discovery Consulting. “We are taking steps to make sure this doesn’t happen again.”
Although the information wasn’t financial, he recommends any AMC Networks streaming customers who subscribe to either Sundance NOW or Shudder remain alert in the coming months for phishing scams. The information across the various databases was complete enough to create a partial profile by which an unsuspecting customer could be scammed.
Disclaimer: This article may have had additional images, links or data that was added by this site's editor.
We are happy to be a featured partner of the Cord Cutting Daily news network.