- Cybernews found an unprotected database that contains confidential data on millions of MagentaTV users
- It contained around 324 million records
- Since then, the database has been blocked, but users must be on guard
MagentaTV, a television and streaming platform owned by German telecommunications giant Telekom, has been found to have been leaking confidential customer information for months.
In a blog post, security researchers from Cybernews said that in June 2025 they found an unprotected Elasticsearch instance hosted by Serverside.AI, a server-side ad insertion platform.
The file weighs 729GB and contains more than 324 million log entries. These entries contained users' IP addresses, MAC addresses, session IDs, customer IDs and user agents. In addition, some of the records contained HTTP headers of the requests that customers were sending.
Session hijacking and user impersonation
Further investigation determined that the database belonged to MagentaTV, and that it received between 4 and 18 million new records every day.
“In theory, HTTP headers, including customer IDs and session IDs, could be used for session hijacking, allowing attackers to log in to customer accounts without knowing any personal information or password.”
Theoretically, there are many things that threat actors could do with this information.
They could use IP addresses to find people's real-life locations, or use MAC addresses to identify or track specific devices, or even spoof them in certain scenarios. Session IDs (if they are still valid) could be used to hijack active sessions, impersonate users and gain access to their personal accounts or data.
Customer IDs could allow threat actors to rebuild user profiles, which leads to spear phishing, social engineering or credential stuffing campaigns, while HTTP headers can contain browsing activity, cookies, authentication tokens and more.
MagentaTV probably began leaking the data in February 2025 and plugged the hole after being tipped off by Cybernews.
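The exposed records described above held session IDs, customer IDs, MAC and IP addresses, and raw HTTP headers. As an added example (not code from Cybernews, Telekom or Serverside.AI), the following sanitizes a request log record before it is indexed, so that a leaked index holds no replayable tokens; the field names, header list and key are assumptions, and the sample record is constructed.

```python
import hashlib
import hmac
import ipaddress

# Assumed field and header names for illustration; the article gives no schema.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
PSEUDONYMIZE_FIELDS = ("session_id", "customer_id", "mac")
REDACTED = "[REDACTED]"


def pseudonym(value: str, key: bytes) -> str:
    """Keyed hash: equal inputs still correlate, but the token cannot be replayed."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def coarsen_ip(ip: str) -> str:
    """Keep only the /24 (IPv4) or /48 (IPv6) network of a client address."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def sanitize(record: dict, key: bytes) -> dict:
    """Return a copy of a request log record that is safe to index."""
    out = dict(record)
    for field in PSEUDONYMIZE_FIELDS:
        if out.get(field):
            out[field] = pseudonym(str(out[field]), key)
    if out.get("client_ip"):
        out["client_ip"] = coarsen_ip(out["client_ip"])
    out["headers"] = {
        name: REDACTED if name.lower() in SENSITIVE_HEADERS else value
        for name, value in record.get("headers", {}).items()
    }
    return out


# Constructed sample record, not taken from the exposed data.
SAMPLE = {
    "client_ip": "203.0.113.77",
    "mac": "02:00:00:aa:bb:cc",
    "session_id": "sess-constructed-1234",
    "customer_id": "cust-0001",
    "user_agent": "ExampleTV/1.0",
    "headers": {"Cookie": "sid=sess-constructed-1234", "Accept": "*/*",
                "Authorization": "Bearer constructed-token"},
}
KEY = b"constructed-demo-key"  # in practice, a secret kept outside the log store
```

Calling `sanitize(SAMPLE, KEY)` returns the record with identifiers replaced by keyed hashes, the client address reduced to its network, and credential-bearing headers redacted.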