article featured image


Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers.

The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance.

20 GB of Server Logs, Exposed

An unsecured 20GB of server logs containing approximately 30 million entries were uncovered by the Cybernews investigation team; the earliest of these records was dated May 2022. Subscribers’ IP addresses and information about their devices, operating systems, and web browsers were revealed in the logs.

Even analytics and performance tracking data used by the platform were exposed through the disclosure of its logs. Information about what users watched on the site, as well as their search queries, could be gathered from the URLs they left behind in their activity logs, explains Cybernews.

Researchers also discovered unidentifiable hashes with logged HTTP GET requests, which are records of requests made by clients to obtain data from a web server: when these requests are made, they are saved in log files on the server.

The researchers were unable to discover the specific purpose or use of the hashes. Yet, the fact that the hashes all include more than 156 characters implies that they were designed to remain unmodified for lengthy periods of time.

Hashes didn’t match any commonly used hashing algorithms. Since these hashes were included in the HTTP requests, we believe they could have been used as secrets for authentication, or just user IDs.


The platform’s Canadian-American owner, Lionsgate Entertainment Corporation, owns Twilight Saga, Saw, Terminator, The Hunger Games, and The Divergent Series.

Lionsgate has 37 million global customers and produced $3.6 billion in income last year, while Netflix leads all streaming services with almost 230 million users.

The Data Could Be Used in Cyberattacks

Attackers can use victims’ IP addresses and other device information to conduct targeted attacks and distribute malware to their devices.

User agents may have disclosed information about the user’s operating system and the services it uses, giving attackers a leg up in the hunt for exploitable vulnerabilities.

With the growing number of new streaming services, we can see that the risk of misconfigurations and data breaches also grows. It can be useful in targeted attacks, especially when combined with other leaked or publicly available information.


The full research published by Cybernews is available here.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.