- Cybernews has found an unprotected database containing sensitive data on millions of MagentaTV users
- The database contained approximately 324 million log entries
- The database has since been locked down, but users should be on their guard
MagentaTV, a television and streaming platform belonging to the German telecommunications company Deutsche Telekom, was found leaking sensitive customer data for months.
In a blog article, security researchers from Cybernews said that in June 2025 they found an unprotected Elasticsearch instance hosted by serverside.ai, a server-side advertising platform.
The archive weighs 729 GB and contains more than 324 million log entries. These entries contained users' IP addresses, MAC addresses, session IDs, customer IDs and user agents. In addition, some of the logs contained HTTP headers from the requests that customers sent.
Session hijacking and user impersonation
A more in-depth investigation determined that the database belonged to MagentaTV and that it received between 4 and 18 million new log entries each day.
“In theory, HTTP headers, including customer IDs and session identifiers, could be used for session hijacking, allowing attackers to log in to customer accounts without having to know personal information or account passwords.”
Theoretically, there are many things that threat actors could do with this information.
They could use IP addresses to find people's real locations, or use MAC addresses to identify or track specific devices, or even impersonate them in certain scenarios. Session IDs (if they are still valid) can be used to hijack active sessions, impersonate users and access their personal accounts or data.
Customer IDs could allow threat actors to reconstruct user profiles, leading to phishing, social engineering or credential stuffing campaigns, while HTTP headers may contain browsing activity, cookies, authentication tokens and more.
MagentaTV probably started leaking the data in February 2025 and plugged the hole after being alerted by Cybernews.
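
One way to keep log entries like these from being usable for session hijacking or tracking is to scrub them before they are indexed. The sketch below is an added example, not code from Cybernews, MagentaTV or serverside.ai; the field names, header names and key are assumptions, and the sample entry is constructed.

```python
import hashlib
import hmac
import ipaddress

# Assumed field and header names; the article does not give the real log schema.
SECRET_HEADERS = {"cookie", "set-cookie", "authorization", "x-session-id"}
PEPPER = b"constructed-demo-key"  # placeholder; keep the real key outside the log pipeline


def pseudonym(value: str) -> str:
    """Keyed hash: entries stay correlatable, but the raw ID is not stored."""
    return hmac.new(PEPPER, value.encode(), hashlib.sha256).hexdigest()[:16]


def coarse_ip(ip: str) -> str:
    """Zero the host part (IPv4 /24, IPv6 /48) so the address no longer pinpoints a user."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def scrub(entry: dict) -> dict:
    """Return a copy of a request-log entry that is safe to index."""
    out = dict(entry)
    out.pop("mac_address", None)  # device identifier, dropped outright
    if "session_id" in out:
        out["session_id"] = pseudonym(out["session_id"])  # unusable as a live token
    if "customer_id" in out:
        out["customer_id"] = pseudonym(out["customer_id"])
    if "ip" in out:
        out["ip"] = coarse_ip(out["ip"])
    out["headers"] = {
        name: "[REDACTED]" if name.lower() in SECRET_HEADERS else value
        for name, value in entry.get("headers", {}).items()
    }
    return out


# Constructed sample entry, not taken from the exposed database.
SAMPLE = {
    "ip": "203.0.113.77",
    "mac_address": "00:00:5e:00:53:af",
    "session_id": "sess-4f1c9a",
    "customer_id": "cust-100234",
    "user_agent": "ExampleTV/1.0",
    "headers": {"Cookie": "sid=sess-4f1c9a", "Accept": "*/*"},
}

if __name__ == "__main__":
    print(scrub(SAMPLE))
```

Scrubbing limits what an exposed index reveals; it does not replace authentication and network restrictions on the Elasticsearch instance itself.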