- Cybergenws found an unprotected database containing sensitive data on millions of MagentateV users
- About 324 million logs were contained in
- The database has since been locked down but users must be on their guard
Magentatv, a TV and streaming platform owned by the German telecommunications giant Deutsche Telekom, has been found to be delicate sensitive customer information for several months.
In a blog post, security researchers from Cygenerws In June 2025, it found an unprotected ElasticSearch instance that hosted the server page., Which is a server side advertising insert platform.
The archive weighs 729 GB and contains more than 324 million log items. These items contained users’ IP addresses, Mac addresses, session -ids, customer -ids and user agents. In addition, some of the logs contained HTTP headings from requests that customers sent.
Hijacking sessions and imitating users
Deeper examination determined that the database belonged to Magentatv and that it received between 4 and 18 million new logs every day.
“In theory, HTTP headings, including customer -ids and sessions -ids, could be used for hijacking session, allowing attackers to log in to customer accounts without having to know any personal account information or passwords. However, in the real world there were probably additional security measures that prevent such a session from being in place,”
Theoretically, there are plenty of things that threat actors could do with this information.
They could use IP addresses to find people’s real locations or be able to use Mac addresses to identify or track specific devices, even forgery of them in certain scenarios. Session -ids (if still valid) could be used to hijack active sessions, mimic users and access their accounts or personal data.
Customer -ids could allow threat actors to reconstruct user profiles, leading to spear phishing, social engineering or credentials filling campaigns, while HTTP headings may include browsing activity, cookies, approval tokens and more.
Magentatv probably began to leak the data in February 2025 and connected the hole after being tipped off Cygenerws.
