Viacom Secures Data Leak That Research Firm Deemed Potentially “Catastrophic”


Viacom computers put at risk “a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation’s business operations,” cyber security firm UpGuard says today.

The media company “dodged a major bullet,” Chris Vickery, who’s director of CyberRisk Research at UpGuard, tells me. “There’s no limit on the amount of harm that could have been done….Somebody cut a corner somewhere.”

Indeed, he adds, “if a bad guy had found this, it could have been catastrophic and brand-ending. You could have done anything you wanted with Viacom.”

He noticed a potential problem on August 30, and told Viacom the next day. It secured the data “within hours,” UpGuard says.

Viacom says that the exposure involved “technical information, but no employee or customer information.” The company adds that it “rectified the issue” and, after analyzing the data, “determined there was no material impact.”

But UpGuard says there’s no way to know whether a bad actor accessed the data.

Hackers and other outsiders would have been able to tap “either the primary or backup configuration of Viacom’s IT infrastructure” which was being moved to Amazon Web Services’ cloud — including “Viacom’s access key and secret key for the corporation’s AWS account.”

That might have led to “phishing schemes, using the corporation’s brand recognition to trick consumers into furnishing their personal details,” UpGuard says. “The exposure of secret access keys to Viacom’s AWS account, as well as the control of the company’s server configurations and manifests, could also have allowed malicious actors to spin off additional servers to use Viacom IT systems as a botnet.”

The firm says that this is one more example of a “pervasive level of cyber risk” at media companies that “has not yet been met with commensurate cyber resilience across the board.”

UpGuard says that Viacom’s main website scored 428 out of 950 on the CSTAR cyber risk scanner. Paramount Pictures scores 475, MTV hits 472, Comedy Central is 430, and Nickelodeon has the company’s worst score of 386.

This article was printed from