Published: Wed, September 06, 2017
Economy | By Guillermo Lane

Charter Customer Data Left Sitting on an Open Server

Charter Customer Data Left Sitting on an Open Server

Details related to more than 4 million Time Warner Cable customers were exposed online in a major data breach, according to a report from Kromtech Security, but it was a partner of the USA cable operator, rather than TWC itself, that was at fault, according to the security export.

A Charter representative refused to elaborate, but Gizmodo says the breach originated in India at BroadSoft, a communications company whose partners included Time Warner Cable. The leaked information regarded 4 million of TWC customers.

It's unclear how many customers were affected by the breach.

Other databases revealed billing addresses, phone numbers and other contact inform for at least hundreds of thousands of TWC subscribers. The servers also contained a slew of internal company records, including SQL database dumps, internal emails, and code containing credentials (usernames and passwords) to external systems-information that could've been used to uncover additional sensitive subscriber records.

The security researchers were investigating a different data breach incident at World Wrestling Entertainment (WWE).

The S3 buckets were accidentally configured to allow public access, potentially allowing anyone with the URL to access and download the sensitive data.

More news: Merkel wins Germany's only televised debate: Polls
More news: Box Office Collection of Baadshaho & Subh Mangal Savdhan is Going Great
More news: Union Minister Rajiv Pratap Rudy resigns amid speculation of a Cabinet reshuffle

As the report is quick to note, Time Warner Cable isn't alone when it comes to leaving customer and company data exposed on Amazon cloud servers. Upon discovery, the information was removed immediately by the vendor, and we are now investigating this incident with them.

Broadsoft could not be immediately reached for comment. Both BroadSoft and Charter say they're investigating and will take extra steps to address the situation if necessary.

Charter Communications, the parent company of Time Warner Cable, said users' financial information had not been exposed and the data largely concerned former or "legacy" customers.

The Auburn Police Department said customers who have been with the cable-network since 2010 and have used the MyTWC app are most at risk.

"We continue to work closely with our customers to ensure the privacy of their data and to assure them that their information and that of their end-users is secure", it added. Engineers are deemed to have accidentally leaked not only partner data but also internal sensitive data to malicious individuals. "We apologize for the frustration and anxiety this causes, and will communicate directly to customers if their information was involved in this incident".

Like this: