Posted on September 2, 2017 at 5:53 PM
About 4 million personal records of Time Warner Cable customers were exposed after being stored on an Amazon server with no password. The files, measuring over 600G, were discovered by Kromtech Security Center.
The security researchers were investigating a different data breach incident at World Wrestling Entertainment (WWE). Some of the exposed details include financial transaction information, email addresses, and usernames.
According to Time Warner Cable parent Charter Communications, “There is some nonfinancial information of TWC customers, especially for those who used the MyTWC app, which may be visible to external individuals.”
Charter added that after the unblocked server was isolated, BroadSoft got rid of the information and started a joint investigation into the matter. “Customers need not worry since sensitive info like Social Security numbers were not compromised,” read the report.
Furthermore, there is nothing to suggest that Charter systems were affected. Immediately after this exposure, Charter shares fell less than half a percent to trade at $396.83/share.
Not every TWC record held data on a unique customer. In some cases, there were duplicated records, implying that the 4 million figure may actually be half that. However, the cache size made it difficult for the researchers to pinpoint the exact number of affected persons.
Charter Communications bought Time Warner Cable last year and changed the name to Spectrum. The leaked records date from 2010 to this year.
Some databases contained phone numbers, billing addresses and additional contact info for hundreds of thousands of TWC subscribers. There were also some internal company records like credentials for external systems, internal emails, and SQL database dumps.
More systems could be in danger of a hack, since administrative credentials were discovered to be part of the leaked data. But the researchers did make a move in reviewing password-protected data, which means these records are possibly vulnerable to anonymous sources.
The breach is believed to have originated with BroadSoft’s workers in Bengaluru, India. The Amazon bucket also contained CCTV footage of the workstation.
Kromtech’s chief communications officer, Bob Diachenko, said that “Hackers continually use leaked or hacked information to commit other tremendous crimes.” Engineers are deemed to have accidentally leaked not only partner data but also internal sensitive data to malicious individuals.
“This can easily be used in monitoring the company’s network layout.” The breach wasn’t made public until Friday so that BroadSoft could personally inform its customers.
“We have verified that this data is on the public Internet but we don’t think this info is ‘highly sensitive’,” said a BroadSoft spokesperson. The company is adamant that no person with malicious intent has accessed the data.