AMC Networks Left Exposed 1.6 Million Records With User Data
AMC Networks has shut off public access to a database for its Sundance Now and Shudder subscription-streaming services that was discovered to be accessible on the open internet, after the company was alerted to the issue by a security researcher.
The publicly exposed AMC database included 1.62 million total records with subscriber data, including names, emails, and subscription plan details for Sundance Now and Shudder. The data set didn’t include full credit-card information but did include 3,351 links to Stripe invoices with subscribers’ names, emails and the last four digits of their credit card, according to Bob Diachenko, cyber-threat intelligence director at Security Discovery Consulting, who detailed the issue in a blog post Friday.
AMC said it the database in question for used by “internal development” and primarily used for catalog data and “certain other non-sensitive subscriber information.”
“[W]e immediately took action to close off this access,” AMC Networks said in a statement to Security Discovery Consulting. “We are taking steps to make sure this doesn’t happen again.”
Sundance Now, $6.99 per month or $59.99 annually, offers a lineup of original and exclusive dramas, comedies, and true-crime series, in addition to movies including foreign-language and documentary features.
Shudder is designed to “super-serve” horror fans with films, TV shows and originals in genres including thrillers, suspense and horror. It’s priced at $4.99 monthly or $49.99 per year.