Unsecured AWS bucket 'left Viacom open to hackers'

The public server exposed media firm's cloud to potential attacks

UpGuard has revealed a security hole in a Viacom server that it claims could have potentially allowed hackers to take control of the media giant's entire cloud infrastructure.

The company behind Paramount Pictures, MTV, Comedy Central and Nickelodeon was exposing a master provisioning server running Puppet to the general public, plus the credentials needed to build and maintain the majority of its infrastructure, according to UpGuard.

Even its secret cloud keys were possible to steal and use, allowing hackers to break into the company's entire cloud-based server network, launching a large-scale cyber attack. The data could be used for phishing, for example using the company's name to carry out malicious attacks or hackers could spin off additional servers to use Viacom's servers as a botnet.

"This cloud leak exposed the master controls of the world's sixth-largest media corporation, potentially enabling the takeover of Viacom's internal IT infrastructure and internet presence by any malicious actors," Upguard's Dan O'Sullivan wrote in a blog post.

"The potential nefarious acts made possible by this cloud leak could have resulted in grave reputational and business damages for Viacom, on a scale rarely seen."

The security hole was uncovered by UpGuard director of cyber risk research Chris Vickery, who discovered an AWS cloud storage bucket, located at the subdomain "mcs-puppet". It contained 72 .tgz files - backups that had been made at regular intervals since June 2017.

The last backup had been created on 30 August - the day before Vickery made Viacom aware of the publicly accessible information. Viacom patched the flaw within hours of Vickery telling it about the issue, according to Deadline.

No employee or customer information was compromised and an analysis found no "material impact", Viacom added.

However, when the files were unpacked, Vickery uncovered sensitive data relating to MTV, VH1 and Comedy Central. Digging deeper, Vickery found passwords and other details for Viacom's servers, the data needed to maintain the company's servers and the data needed to access its AWS account.

"The leaked Viacom data is remarkably potent and of great significance, an important reminder that cloud leaks need not be large in disk size to be devastating; when it comes to data exposures, quality can be as vital as quantity," O'Sullivan said.

"Analysis of the Viacom leak reveals nothing less than this: the keys to a media kingdom were left publicly accessible on the internet, completely compromising the integrity of Viacom's digital infrastructure."

IT Pro has approached Viacom for comment.

Picture: Bigstock

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021