MagentaTV Data Leak Exposes Over 324 Million Logs Linked to Deutsche Telekom’s Streaming Platform

A data leak tied to Deutsche Telekom’s MagentaTV platform exposed over 324 million logs, including user IPs, MAC addresses, and session details.
MagentaTV Data Leak Exposes Over 324 Million Logs Linked to Deutsche Telekom’s Streaming Platform
Table of Contents
    Add a header to begin generating the table of contents

    Deutsche Telekom’s streaming service, MagentaTV, has been caught up in a large-scale data exposure incident after researchers discovered an unsecured server revealing more than 324 million user log entries. The leak was traced back to a third-party ad delivery platform used by MagentaTV and may have remained publicly accessible for several months before being secured.

    Unprotected Elasticsearch Instance Behind the Leak

    The issue came to light in mid-June 2025 when the Cybernews research team identified an unprotected Elasticsearch instance hosted by Serverside.ai, a server-side ad insertion (SSAI) platform. The leaked data stemmed entirely from MagentaTV, which is operated by Deutsche Telekom, Europe’s largest telecom company.

    Serverside.ai is owned by Equativ, a French adtech firm. According to the researchers, the data exposure was likely open since at least early February 2025. It was removed from public view after the research team contacted the company in June.

    Scale and Nature of the Exposed MagentaTV Data

    While the majority of the 729GB worth of data consisted of non-sensitive information, a significant portion of the logs contained identifiable technical data about MagentaTV users. Every user interaction with the platform created HTTP headers, many of which were captured in the exposed logs.

    Although MagentaTV reportedly serves around 4.4 million users, the unprotected instance included over 324 million log entries, receiving between 4 to 18 million new logs daily.

    Some of the compromised data points include:

    • IP addresses
    • MAC addresses
    • Session IDs
    • Customer IDs
    • User-agent details

    These data types include device identifiers, network details, and session information that, if cross-referenced or combined with other breached data, could enable targeted attacks or tracking of users.

    Cybersecurity Risks and Potential Abuse

    While no direct exploitation of the leaked data has been reported, the researchers highlighted several risks. The exposed information could theoretically allow session hijacking or tracking of individual users, particularly if combined with older breach data.

    “In theory, HTTP headers, including customer IDs and session IDs, could be used for session hijacking, allowing attackers to log into customer accounts without needing to know any personal account information or passwords. However, in the real world, additional security measures preventing such session hijacking were likely in place,” the Cybernews team explained.

    They also noted that MagentaTV devices are manufactured by a Chinese OEM, which can sometimes be more vulnerable to security flaws. These devices, sold under Deutsche Telekom branding, were the primary access point for the platform, adding another layer of concern.

    “This leaked information would be immensely helpful to attackers exploiting devices by revealing their IP addresses, and the exposed customer IDs could also aid cybercriminals in attacks, depending on the specific exploit being used,” the researchers added.

    Timeline of the Incident

    • Leak discovered: June 18, 2025
    • Initial disclosure and CERT contacted: June 18, 2025
    • Leak secured: July 22, 2025

    At the time of writing, Deutsche Telekom has not responded to requests for comment.

    Related Posts