Lionsgate streaming platform leaks user data

Entertainment giant Lionsgate leaked users’ IP addresses and information about what content they watch on its movie-streaming platform.

Lionsgate left a whopping 20GB of server logs that contained nearly 30 million entries on an open ElasticSearch instance. The Cybernews research team discovered that the logs exposed subscribers’ IP addresses and user data concerning the device, operating system, and web browser.

The exposed logs also included Lionsgate’s platform’s usage data, primarily used for analytics and performance tracking. However, URLs in leaked logs contained titles and IDs of what content was watched on the platform.

Unidentified hashes with logged HTTP GET requests and records of requests made by clients that are usually used to get data from a web server were also included in the logs.

Researchers couldn’t determine why the data was protected with hashes, often reserved to safeguard sensitive data. However, since all hashes had over 156 characters, meaning they are difficult to decipher, the data was likely intended to remain unchanged for a long time.

Lionsgate Entertainment Corporation, the Canadian-American company behind the platform, owns many well-known titles such as Twilight Saga, Saw, Terminator, The Hunger Games, and The Divergent Series.

While Netflix heads the fleet of competing streaming platforms with over 230 million subscribers, Lionsgate boasts over 37 million. The company also generated $3.6 billion in revenue last year.