Media giant Viacom dodges bullet over massive security breach

The powerful Fortune 500 company owns a number of major media companies and cable channels, including Paramount Pictures, Comedy Central, and Nickelodeon, among others. An unsecured Amazon server holding about a gigabyte of various credentials belonging to Viacom employees was found publicly accessible online, according to UpGuard, a security firm in California. These credentials could have compromised Viacom's servers, data storage and databases, as well as cloud instances in the company's toolchain.

As Vickery said in his blog post describing the discovery, 'Picture a skeleton key, opening not merely every door in a house, but every door that could be added to the house as well. This is the type of master access that was publicly exposed in the S3 bucket'.

A malicious actor who gained access to Viacom servers could not only have controlled the access and data contained therein, warns UpGuard, but could also have used the data to execute phishing schemes, using confidential data to trick users into giving up personal details, including banking or credit card information.

UpGuard also found the GnuPG (GPG) decryption keys for Viacom's regular backups stored in the AWS S3 data repository.

Within the repository were passwords and manifests for Viacom's servers, data needed to maintain and expand the IT infrastructure of a US$18 billion multinational corporation, and Viacom's access key and secret key for the corporation's AWS account.

UpGuard researcher Chris Vickery notified Viacom of the security issues on August 31, explaining the severity of the situation. The company worked quickly to resolve the issue, but it took several hours before the server was secured and the problem was patched to satisfaction.

The security vendor also found a master provisioning server running the Puppet configuration management tool, which could be used to spin up new task-specific servers for Viacom.

"Analysis of the Viacom leak reveals nothing less than this: the keys to a media kingdom were left publicly accessible on the internet, completely compromising the integrity of Viacom's digital infrastructure".

"Recurring throughout the contents of each decompressed file are mentions of Viacom, as well as its associated brands, including MTV, VH1, and Comedy Central - a clear indication of the data's goal and use", UpGuard said.

"The leaked Viacom data is remarkably potent and of great significance, an important reminder that cloud leaks need not be large in disk size to be devastating; when it comes to data exposures, quality can be as vital as quantity", UpGuard said.
