Free movie streaming site Kanopy has suffered a significant data leak, according to security researcher Justin Paine. Due to an unprotected web log database, which could be publicly accessed without authentication of any kind, Paine believes that the company has been leaking “roughly 26-40 million log lines per day beginning March 7th.”
Though Kanopy has now fixed the problem, the exposed data contained a great deal of information about the people who use the service to stream content. Geolocation, timestamp, device type, IP address, and the URLs of accessed files were all part of the available records. Paine claims that it’s detailed enough that, “it likely would have been possible to identify the identity of a person,” and figure out what that person had been watching online.
It’s unclear if the leaked data has been put to any malicious use, but Paine thinks the possibility exists: “Depending on the videos being watched — that potentially could be embarrassing information.”
Similar types of leaks have been occurring at a steady pace recently. Just this week, Facebook admitted to storing millions of users passwords as plain text, meaning that anyone with access to the records could read and copy the passwords without needing to decrypt them. Last year, Facebook-owned Instagram reported a password breach too. Around the same time, video game developer Bethesda acknowledged that the personal information of its Fallout 76 players was accidentally leaked.
The Kanopy leak, while not quite as serious given what was exposed, should nonetheless serve as a reminder to any company that stores potentially sensitive personal info — even something as seemingly harmless as an IP address — that this data must be sufficiently protected from prying eyes.
Kanopy partners with local libraries and other public institutions to provide free access to old movies, documentaries, and a variety of other video content to people with valid library cards. It’s similar to Hoopla, operating internationally, and recently added the Toronto Public Library to its roster. With a collection of more than 30,000 titles, it’s a good option for those looking for free alternatives to Netflix and Amazon. In light of this leak, partner institutions may want to investigate what precautions Kanopy is now taking (if any) to avoid something similar happening in the future.
