Massive streaming service data leak sees over 324 million records breached - here's what we know


  • Cybernews found an unprotected database containing sensitive data on millions of MagentaTV users
  • Around 324 million logs were contained within
  • The database has since been locked down, but users should be on their guard

MagentaTV, a TV and streaming platform owned by German telecommunications giant Deutsche Telekom, has been found leaking sensitive customer information for months.

In a blog post, security researchers from Cybernews said that in June 2025 they found an unprotected Elasticsearch instance hosted by Serverside.ai, a server-side ad insertion platform.

The archive weighs 729GB and contains more than 324 million log entries. These entries contain users’ IP addresses, MAC addresses, session IDs, customer IDs, and user agents. Furthermore, some of the logs contain HTTP headers from requests the customers were sending.

Hijacking sessions and impersonating users

Deeper investigation determined the database belonged to MagentaTV, and that it was receiving between 4 and 18 million new logs every day.

“In theory, HTTP headers, including customer IDs and session IDs, could be used for session hijacking, allowing attackers to log into customer accounts without needing to know any personal account information or passwords. However, in the real world, additional security measures preventing such session hijacking were likely in place,” Cybernews researchers said.

Theoretically, there are plenty of things threat actors could do with this information.

They could use IP addresses to find people’s real-life locations, or could use MAC addresses to identify, or track, specific devices, even spoofing them in certain scenarios. Session IDs (if still valid) could be used to hijack active sessions, impersonate users, and gain access to their accounts or personal data.

Customer IDs could allow threat actors to reconstruct user profiles, leading to spear phishing, social engineering, or credential stuffing campaigns, while HTTP headers might contain browsing activity, cookies, authentication tokens, and more.

MagentaTV most likely started leaking the data in February 2025 and plugged the hole after being tipped off by Cybernews.
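One way to keep the fields listed above from being useful to anyone who reaches the log store is to scrub each entry before it is indexed. The Python sketch below is an added example, not code from Cybernews, MagentaTV or Serverside.ai; the entry field names, the header list and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Headers whose values act as credentials; matched case-insensitively.
# "x-session-id" is a hypothetical custom header.
SECRET_HEADERS = {"cookie", "set-cookie", "authorization", "x-session-id"}
# Field names are assumptions; the article does not give the log schema.
PSEUDONYMIZE = ("customer_id", "mac")

def pseudonym(value: str, key: bytes) -> str:
    """Keyed hash: stable for correlation, not reversible without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def coarse_ip(ip: str) -> str:
    """Zero the host part: /24 for IPv4, /48 for IPv6."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)

def scrub(entry: dict, key: bytes) -> dict:
    """Return a copy of a log entry with credentials and identifiers reduced."""
    out = dict(entry)
    out.pop("session_id", None)  # a live credential: drop it outright
    for field in PSEUDONYMIZE:
        if field in out:
            out[field] = pseudonym(out[field], key)
    if "ip" in out:
        out["ip"] = coarse_ip(out["ip"])
    out["headers"] = {
        name: "[REDACTED]" if name.lower() in SECRET_HEADERS else value
        for name, value in entry.get("headers", {}).items()
    }
    return out

# Constructed sample entry (not data from the incident).
SAMPLE = {
    "ip": "203.0.113.77",
    "mac": "00:00:5e:00:53:af",
    "session_id": "sess-constructed-123",
    "customer_id": "cust-0001",
    "user_agent": "ExampleTV/1.0",
    "headers": {"Cookie": "sid=sess-constructed-123", "Accept": "*/*"},
}

if __name__ == "__main__":
    print(scrub(SAMPLE, b"constructed-demo-key"))
```

The HMAC key has to live outside the log store; with it kept separate, the pseudonyms still allow per-customer and per-device correlation without exposing the raw identifiers.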

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.