Viacom exposed important credentials that could have allowed hackers to wreak havoc on major media organisations, a cyber security firm has said.
California-based UpGuard said it discovered unsecured information that hackers could have used to access cloud servers belonging to firms like MTV, Paramount and Nickelodeon.
“The potential nefarious acts made possible by this cloud leak could have resulted in grave reputational and business damages for Viacom, on a scale rarely seen,” the firm said.
Viacom said there was no evidence its data had been abused by hackers, and stressed that no customer details were exposed.
“We have analyzed the data in question and determined there was no material impact,” the company said in a statement.
“Once Viacom became aware that information on a server – including technical information, but no employee or customer information – was publicly accessible, we rectified the issue.”
‘Host of damaging attacks’
Among the details discovered by UpGuard – outlined at length in a post on Tuesday – was Viacom’s master key to its Amazon Web Services account.
This was “an exposure that, in the most damaging circumstances, could put the international media conglomerate’s cloud-based servers in the hands of hackers” the security firm said.
“Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies.”
UpGuard said these credentials, since changed, were publicly downloadable.
It is as yet unclear whether hackers ever exploited this information and used it to access files belonging to Viacom and the companies it owns.
Hacks on media companies have been particularly damaging in recent months – hackers have released unseen episodes of popular HBO shows such as Game of Thrones and Curb Your Enthusiasm.