Deutsche Telekom has leaked hundreds of millions of records from its MagentaTV service, including IP addresses, MAC addresses and unique customer identifiers.
The MagentaTV streaming TV platform, owned by telecom giant Deutsche Telekom, has been the source of a large-scale data leak. Cybernews specialists discovered an open Elasticsearch instance in June 2025, containing over 324 million records, totaling 729 GB.
The danger was not only in the volume: IP addresses, MAC addresses, user agents, client IDs and even session identifiers created with each interaction with the platform became publicly available. Attackers could potentially use this information to de-anonymize users or launch targeted attacks, although with some technical difficulties.
The incident was made possible by a misconfiguration of the server side of the advertising platform Serverside.ai, owned by French company Equativ. This platform is integrated into MagentaTV to display ads. The server has been open since at least February 2025 and contained data that was updated daily – from 4 to 18 million new logs per day.
The devices that access MagentaTV, manufactured by OEMs in China, were sold under the Deutsche Telekom brand. Researchers note that such devices are usually more vulnerable to attacks due to the backdoors they contain and imperfect security controls.
Although the company reacted quickly and limited public access to the data, the incident raises serious questions about the protection of user information on large European platforms. Combined with other leaks, such incidents pose risks to the privacy and security of millions of users, especially if their IP addresses or IDs have already appeared in previous leaks.
