A database containing 32 million customers' SKY Brasil data is available to anyone without password protection.
SKY Brasil is a company owned by Vrio, which offers pay-TV services in Brazil. It produces TV content and has several TV channels.
A Brazilian security researcher Fabio Castro has discovered several servers in Brazil running Elasticsearch who do not need any authentication to retrieve information. Of course these databases are the easiest target for hackers to steal information.
According to the security researcher, the information contained in the database included complete customer names, email addresses, service login passwords, customer IP addresses, payment methods, phone numbers and addresses.
The size of one of the discovered databases was over 429GB and contained very sensitive customer information from SKY.
"The data stored on the server was full name, e-mail, password, pay-TV package (Sky Brazil), user's IP addresses, personal addresses, payment methods," Castro told BleepingComputer. "Among other information, the model of the device, the serial numbers of the device located at the customer's residence, as well as the log files of the entire platform."
Sky Brasil has made no statements about the issue.