Media giant Viacom dodges bullet over massive security breach

The powerful Fortune 500 company owns a number of major media companies and cable channels including Paramount Pictures, Comedy Central, and Nickelodeon among others. These credentials could have compromised Viacom's servers, data storage and databases as well as cloud instances in the company's toolchain. An Amazon server with about a gigabyte of different credentials that belong to Viacom employees was actually found online without being secured, according to a security firm called UpGuard in California.

As Vickery said in his blog post describing the discovery, 'Picture a skeleton key, opening not merely every door in a house, but every door that could be added to the house as well.

A malicious actor who gained access to Viacom servers could not only control the access and data contained therein, warns UpGuard, but the data could have been used to execute phishing schemes, using confidential data to trick users into giving up personal details including banking or credit card information. This is the type of master access that was publicly exposed in the S3 bucket'.

UpGuard also found the Gnu GPG decryption keys to Viacom regular backups stored in the AWS S3 data repository.

Within the repository were passwords and manifests for Viacom's servers, and data needed to maintain and expand the IT infrastructure of an US$18 billion multinational corporation and also Viacom's access key and secret key for the corporation's AWS account.

UpGuard researcher Chris Vickery went to notify Viacom of the security issues on August 31, explaining the severity of the situation and the company worked quickly to resolve the issue, but it took several hours to secure the server before the problem was patched to satisfaction.

The security vendor also found a master provisioning server running the Puppet configuration and management tool, that could be used to spin up new task-specific servers for Viacom.

"Analysis of the Viacom leak reveals nothing less than this: the keys to a media kingdom were left publicly accessible on the internet, completely compromising the integrity of Viacom's digital infrastructure".

"Recurring throughout the contents of each decompressed file are mentions of Viacom, as well as its associated brands, including MTV, VH1, and Comedy Central - a clear indication of the data's goal and use", UpGuard said.

"The leaked Viacom data is remarkably potent and of great significance, an important reminder that cloud leaks need not be large in disk size to be devastating; when it comes to data exposures, quality can be as vital as quantity", UpGuard said.

Like this



21 September 2017
Jay-Z and Kanye West Planning Meeting To End Feud
Things between the two soured after Kanye called out Jay during his infamous Saint Pablo Tour rant . He made a song called 'Big Brother.' We've gotten past bigger issues.

21 September 2017
LG V30 rolls out in South Korea, other markets to follow
LG has announced four color options for the LG V30, namely moroccan blue, cloud silver, aurora black and lavender violet. It features a 6-inch QHD+ (1440×2880 pixels) OLED FullVision display with a pixel density of 538ppi.

21 September 2017
Viacom Inc. (VIA) Declares $0.20 Quarterly Dividend
Viacom, Inc . (VIAB) have shown a high EPS growth of 0.00% in the last 5 years and has earnings decline of -23.80% yoy. Equities research analysts forecast that Viacom will post $3.55 earnings per share for the current fiscal year.

21 September 2017
AG Ferguson Suing NW Detention Center Operator
GEO has appealed the class-action status granted to the Colorado lawsuit in April. "Give me a break", Ferguson said. A group called the Northwest Detention Center Resistance called Ferguson's lawsuit a victory for hunger strikers.

21 September 2017
Molina Healthcare Inc (NYSE:MOH) Closed 5.3% Above Its 50 Day Average
It worsened, as 55 investors sold NFLX shares while 228 reduced holdings. 98 funds opened positions while 319 raised stakes. Finally, Tiedemann Wealth Management LLC lifted its position in shares of Molina Healthcare by 3.1% in the first quarter.

21 September 2017
Pinellas announces Hurricane Irma make-up day
The announcement was made Tuesday evening at the rescheduled Berkeley County Board of Education Meeting. Wolf said the district may have enough instructional hours to cover the remaining two lost days.

21 September 2017
How Elisabeth Moss' Emmys Outfit Gave a Subtle Message to the Patriarchy
I think we can all agree on that, and I'm all for seeing these issues take center stage in the big-budget film industry. Overall, it's estimated the group performed over 11,000 abortions in a safe, positive, comforting environment.

21 September 2017
Loxo Oncology, Inc. - LOXO - Stock Price Today
Russell Investments Group Ltd.'s holdings in Clovis Oncology were worth $581,000 at the end of the most recent reporting period. Moreover, Millennium Mngmt Limited Liability has 0.1% invested in Clovis Oncology Inc (NASDAQ: CLVS ) for 1.08M shares.

21 September 2017
Wall Street closes higher after Fed policy statement
ASIA'S DAY: The Shanghai Composite Index gained 0.3 percent to 3,362.86 and Hong Kong's Hang Seng added 1.3 percent to 28,159.77. Gold hit a 2-1/2 week low on Monday as the dollar rose ahead of a two day Federal Reserve meeting and global equities surged.

21 September 2017
North Korea 'faces destruction if it continues with nuclear weapons programme'
North Korea will be high on the agenda for world leaders this coming week at the annual meeting of the U.N. In Sunday's tweet , Trump said he asked Mr Moon about "Rocket Man" - an apparent reference to Kim.