Kanopy privacy breach reveals which movies members have been streaming

Posted on by Dissent

On March 22, Simon Cohen reported:

Free movie streaming site Kanopy has suffered a significant data leak, according to security researcher Justin Paine. Due to an unprotected web log database, which could be publicly accessed without authentication of any kind, Paine believes that the company has been leaking “roughly 26-40 million log lines per day beginning March 7th.”

Though Kanopy has now fixed the problem, the exposed data contained a great deal of information about the people who use the service to stream content. Geolocation, timestamp, device type, IP address, and the URLs of accessed files were all part of the available records. Paine claims that it’s detailed enough that, “it likely would have been possible to identify the identity of a person,” and figure out what that person had been watching online.

Read more on Digital Trends.

Here’s the text of the email notification Kanopy had sent to users on March 21, courtesy of someone who received it and sent it on to me:

From: “Kanopy” <[email protected]>
Date: March 21, 2019 at 3:24:43 PM PDT
Subject: Kanopy Security Update

Good afternoon,

Over the weekend, we became aware of an issue affecting the security of our
platform. We promptly resolved the issue by Monday afternoon and are taking
all necessary steps to maintain the security of our systems going forward.
While our investigation is ongoing, at this stage, we believe significantly
less than one percent of accounts have been affected.

The only thing as important as providing our Kanopy users with rich viewing
experiences is protecting the integrity and security of your data. As our
community continues to grow, we will always prioritize ensuring that our
platform is entirely secure, regardless of scale.

We regret that these circumstances have affected the Kanopy community. While
our analysis of the incident is ongoing, I personally assure you that we are
doing everything it takes to protect against this type of event in the
future.

Olivia Humphrey
CEO, Kanopy

Category: Business SectorExposure