Media giant Viacom dodges bullet over massive security breach

Media giant Viacom dodges bullet over massive security breach”

The powerful Fortune 500 company owns a number of major media companies and cable channels including Paramount Pictures, Comedy Central, and Nickelodeon among others. These credentials could have compromised Viacom's servers, data storage and databases as well as cloud instances in the company's toolchain. An Amazon server with about a gigabyte of different credentials that belong to Viacom employees was actually found online without being secured, according to a security firm called UpGuard in California.

As Vickery said in his blog post describing the discovery, 'Picture a skeleton key, opening not merely every door in a house, but every door that could be added to the house as well.

A malicious actor who gained access to Viacom servers could not only control the access and data contained therein, warns UpGuard, but the data could have been used to execute phishing schemes, using confidential data to trick users into giving up personal details including banking or credit card information. This is the type of master access that was publicly exposed in the S3 bucket'.

UpGuard also found the Gnu GPG decryption keys to Viacom regular backups stored in the AWS S3 data repository.

Within the repository were passwords and manifests for Viacom's servers, and data needed to maintain and expand the IT infrastructure of an US$18 billion multinational corporation and also Viacom's access key and secret key for the corporation's AWS account.

UpGuard researcher Chris Vickery went to notify Viacom of the security issues on August 31, explaining the severity of the situation and the company worked quickly to resolve the issue, but it took several hours to secure the server before the problem was patched to satisfaction.

The security vendor also found a master provisioning server running the Puppet configuration and management tool, that could be used to spin up new task-specific servers for Viacom.

"Analysis of the Viacom leak reveals nothing less than this: the keys to a media kingdom were left publicly accessible on the internet, completely compromising the integrity of Viacom's digital infrastructure".

"Recurring throughout the contents of each decompressed file are mentions of Viacom, as well as its associated brands, including MTV, VH1, and Comedy Central - a clear indication of the data's goal and use", UpGuard said.

"The leaked Viacom data is remarkably potent and of great significance, an important reminder that cloud leaks need not be large in disk size to be devastating; when it comes to data exposures, quality can be as vital as quantity", UpGuard said.

Like this


21 September 2017
Lawyer: Panel delays interview
Michael Cohen is appearing Tuesday before staff members of the Senate Intelligence Committee. He said he never saw any evidence of collusion with Russians relating to the election.

21 September 2017
Emma Stone on Her Anxiety & Coping Strategies
Emma Stone may have a new movie to promote, but that isn't stopping her from discussing the importance of mental health. "I was nine and I was in therapy".

21 September 2017
Los Angeles hit With Hepatitis A Outbreak, 2 Cases Confirmed
Dr Ferrer has stated that their division will be instigating prevention methods so nobody else faces the fear of getting ill. In other cases, it could be drinking contaminated water or having sex with someone who also has Hepatitis A.

21 September 2017
Pinellas announces Hurricane Irma make-up day
The announcement was made Tuesday evening at the rescheduled Berkeley County Board of Education Meeting. Wolf said the district may have enough instructional hours to cover the remaining two lost days.

21 September 2017
How Elisabeth Moss' Emmys Outfit Gave a Subtle Message to the Patriarchy
I think we can all agree on that, and I'm all for seeing these issues take center stage in the big-budget film industry. Overall, it's estimated the group performed over 11,000 abortions in a safe, positive, comforting environment.

21 September 2017
Sashastra Seema Bal jawan dies in terrorist attack in J&K's Banihal
He said the SSB men are deployed for security in the area as work on 4-laning of Srinagar-Jammu highway is underway. Within a few minutes, there was a fire. "We are investigating as the injured SSB man has no bullet injury".

21 September 2017
Wall Street closes higher after Fed policy statement
ASIA'S DAY: The Shanghai Composite Index gained 0.3 percent to 3,362.86 and Hong Kong's Hang Seng added 1.3 percent to 28,159.77. Gold hit a 2-1/2 week low on Monday as the dollar rose ahead of a two day Federal Reserve meeting and global equities surged.

21 September 2017
North Korea 'faces destruction if it continues with nuclear weapons programme'
North Korea will be high on the agenda for world leaders this coming week at the annual meeting of the U.N. In Sunday's tweet , Trump said he asked Mr Moon about "Rocket Man" - an apparent reference to Kim.

21 September 2017
Sens Propose Bill That Would Allow FEMA Help for Churches
The letter argues faith-based organizations have played a large role in recovery efforts following the storm. "This policy is discriminatory and wrong".

21 September 2017
Golar LNG Partners LP (GMLP) Set to Announce Quarterly Earnings on Tuesday
ValuEngine downgraded Golar LNG Limited from a "hold" rating to a "sell" rating in a research note on Friday, September 1st. Citigroup has "Buy" rating and $26 target. 07/01/2016 - Golar LNG Limited was upgraded to "buy" by analysts at DNB Markets.