1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Massive streaming service data leak sees over 324 million records

    From TechnologyDaily@1337:1/100 to All on Thu Aug 7 13:15:07 2025
    Massive streaming service data leak sees over 324 million records breached - here's what we know

    Date:
    Thu, 07 Aug 2025 12:04:00 +0000

    Description:
    A TV and streaming service, owned by Deutsche Telekom, kept an open database, leaking IP addresses, MAC addresses, and more.

    FULL STORY ======================================================================Cybernew s found an unprotected database containing sensitive data on millions of MagentaTV users Around 324 million logs were contained within The database
    has since been locked down, but users should be on their guard

    MagentaTV, a TV and streaming platform owned by German telecommunications giant Deutsche Telekom has been found leaking sensitive customer information for months.

    In a blog post, security researchers from Cybernews said in June 2025, it found an unprotected Elasticsearch instance, hosted by Serverside.ai, which
    is a server-side ad insertion platform.

    The archive weighs 729GB, and contains more than 324 million log entries. These entries contained users IP addresses, MAC addresses, session IDs, customer IDs, and user agents. Furthermore, some of the logs contained HTTP headers from requests the customers were sending. Hijacking sessions and impersonating users

    Deeper investigation determined the database belonged to MagentaTV, and that it was receiving between 4 and 18 million new logs every day.

    In theory, HTTP headers, including customer IDs and session IDs, could be
    used for session hijacking, allowing attackers to log into customer accounts without needing to know any personal account information or passwords. However, in the real world, additional security measures preventing such session hijacking were likely in place, Cybernews researchers said.

    Theoretically, there are plenty of things threat actors could do with this information.

    They could use IP addresses to find peoples real-life locations, or could use MAC addresses to identify, or track, specific devices, even spoofing them in certain scenarios. Session IDs (if still valid) could be used to hijack
    active sessions, impersonate users, and gain access to their accounts or personal data.

    Customer IDs could allow threat actors to reconstruct user profiles, leading to spear phishing, social engineering, or credential stuffing campaigns,
    while HTTP headers might contain browsing activity, cookies, authentication tokens, and more.

    MagentaTV most likely started leaking the data in February 2025 and plugged the hole after being tipped off by Cybernews . You might also like PBS
    reveals data breach after company info leaked on Discord Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/massive-streaming-service-data-leak-see s-over-324-million-records-breached-heres-what-we-know


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)