The CyberNews research team discovered an unsecured data bucket on a publicly accessible Amazon Simple Storage (S3) server containing confidential data belonging to IndieFlix.
IndieFlix is a US-based entertainment company offering a subscription-based online video streaming service that mainly specializes in independent titles, including feature films, shorts, and documentaries.
The data bucket discovered by CyberNews contains over 90,000 files related to the IndieFlix streaming service. This includes scans of confidential motion picture acquisition agreements, tax ID requests that include filmmaker social security numbers and employer identification numbers, as well as relatively detailed contact information of thousands of film professionals. Additionally, the bucket hosts thousands of video files of short films, movie clips, and trailers that can be accessed and downloaded by anyone with a direct link to the files.
After CyberNews contacted IndieFlix and Amazon Web Services, the bucket has been secured and is no longer accessible.
What data is in the bucket?
The unsecured Amazon S3 bucket contains 93,867 publicly accessible files, including:
4,275 motion picture acquisition agreements and contract addendums
3,217 scans of requests for tax identification numbers that include addresses, signatures, as well as social security numbers and/or employer identification numbers of the filmmakers or their distribution agents
A contact list of 5,966 film industry professionals, including their full names, email addresses, street addresses, phone numbers, and zip codes
15,225 video files, which include short films as well as clips and trailers from the platform’s Quick Pick feature library
The vast majority of the files stored in the unsecured bucket are film thumbnail pictures and various promotional materials. The motion picture acquisition agreements, tax ID requests, and contract addendum scans al ..