Published: Wed, September 06, 2017
Markets | By Erika Turner

Charter Customer Data Left Sitting on an Open Server

Charter Customer Data Left Sitting on an Open Server

A new leak affecting millions of Time Warner Cable customers, including over 600GB of private information and sensitive data, was sitting on a completely unsecured Amazon server, and it was put there by the company that's supposed to be in charge of keeping it safe.

According to Gizmodo, the breached files were discovered last week by Kromtech Security Center while its researchers were investigating an unrelated breach at World Wrestling Entertainment. Two Amazon S3 buckets were eventually found and linked to BroadSoft, a global communications company that partners with service providers, including AT&T and TWC. While it's unlikely that multiple BroadSoft customers have anything to worry about, this incident will undermine confidence in the unified comms specialist and make potential suitors wary about potential security breaches that could, in the future, lead to legal action and compensation claims.

The leaked details included usernames, emails addresses, MAC addresses, device serial numbers, and financial transaction information, but Social Security numbers or credit card information was not exposed.

In 2016, Charter Communications became the owner of Time Warner Cable and changed its name into Spectrum.

Other databases revealed billing addresses, phone numbers and other contact inform for at least hundreds of thousands of TWC subscribers. There were also some internal company records like credentials for external systems, internal emails, and SQL database dumps.

The BroadSoft data was not properly configured to allow public access in AWS, Kromtech said.

Star India secures IPL rights in US$2.55BN global deal
Out of the 24 companies that appeared for the bidding process, only 14 went forward with their bids. STAR India bagged the global rights for a five-year period for Rs 16,347.50 crore.

As the report is quick to note, Time Warner Cable isn't alone when it comes to leaving customer and company data exposed on Amazon cloud servers.

The files - more than 600 gigabytes in size containing sensitive information such as transaction ID, user names, Mac addresses, serial numbers, account numbers - were discovered on August 24 without a password by researchers of MacKeeper developer Kromtech.

There's no indication yet that happened, but Kromtech is quick to state it will take some time and plenty of leg work to determine the impact and breadth of the exposure.

Verizon isn't the only big United States telecom whose corporate ally left customer data out in the open.

BroadSoft confirmed the leak but said it did not believe sensitive data was involved.

The information exposed appears to be related to TWC customers that had used the MyTWC app, which was developed by BroadSoft.

Like this: