AMC accidentally exposed data on 1.6 million subscribers

The information belonged to Sundance Now and Shudder users.

A security researcher discovered that AMC Networks had inadvertently exposed more than 1.6 million records of subscribers to the company's two premium streaming video platforms, Sundance Now and Shudder. The publicly accessible database included the names and email addresses of subscribers as well as details about their subscription plans. It included more than 3,000 invoices processed by Stripe that listed the last four digits of a user's credit card.

In addition to the user records, which didn't contain any full payment data or information that would be considered sensitive, the database also contained video analytics data collected by Youbora. There were more 441,943 records that included user IP addresses, country, city, state, ZIP code, location coordinates and details about what devices they use to watch streaming content. The information was intended to be used by broadcasters but could be accessed by anyone who discovered the database.

AMC Networks was alerted of the issue and has secured the database so it is no longer publicly accessible. However, the security researcher who discovered the exposure—Bob Diachenko of Security Discovery—said AMC didn't make it easy to disclose the issue. The company's email addresses for privacy and security topics bounced back messages and the company's security officers reportedly were unresponsive.