Charter Customer Data Left Sitting on an Open Server The personal data of millions of Time Warner Cable customers were left last month on an Amazon server openly accessible to the public. The 600GB worth of personal data was discovered last month by the Kromtech Security Center (hat tip, Gizmodo) while its researchers were investigating an unrelated data breach at World Wrestling Entertainment. The data was left exposed by Broadsoft, a company that has numerous large ISPs as clients.

This data included usernames, emails addresses, MAC addresses, device serial numbers, and financial transaction information -- thought not credit card data. The report notes that there were four million different records included in the exposure, but given than many records may have belonged to the same individual users, the total tally of impacted customers is unclear. While Charter acquired Time Warner Cable in a $79 billion blockbuster deal last year, the data collected and exposed ranges from before the deal (2010) until this year -- and also includes some data from Bright House Networks and AMC. The report notes that in addition to customer records, the exposed data included internal ISP records ranging from SQL database dumps and internal emails, to code containing data that could result in the compromising of other ISP systems. "The bottom line is that data is valuable and there will always be someone looking for it. Improperly securing data is just as bad if not worse because it was preventable," notes the report. "In this case engineers accidentally leaked not only customer and partner data but also internal credentials that criminals could have easily used to monitor or access company's network and infrastructure." There's no indication yet that happened, but Kromtech is quick to state it will take some time and plenty of leg work to determine the impact and breadth of the exposure. “We see more and more examples of how bad actors use leaked or hacked data for a range of crimes or other unethical purposes,” said Kromtech’s chief communications officer Bob Diachenko in a blog post revealing the breach. “In this case engineers accidentally leaked not only customer and partner data but also internal credentials that criminals could have easily used to monitor or access company’s network and infrastructure.” As the report is quick to note, Time Warner Cable isn't alone when it comes to leaving customer and company data exposed on Amazon cloud servers. Verizon was lambasted earlier this year after a customer service vendor left the data of roughly As the report is quick to note, Time Warner Cable isn't alone when it comes to leaving customer and company data exposed on Amazon cloud servers. Verizon was lambasted earlier this year after a customer service vendor left the data of roughly 6 million subscribers openly accessible on the internet.







News Jump California Defends Its Net Neutrality Law; AT&T's Traffic Up 20% Despite Data Traffic Actually Being Down; + more news Are The Comcast-Charter X1 Talks Dead In The Water?; AT&T May Offer Phone Plans With Ads For Discounts; + more news Europe's Top Court: Net Neutrality Rules Bar Zero Rating; ViacomCBS To Rebrand CBS All Access As Paramount+; + more news Verizon To Buy Reseller TracFone For $7B; 5G Not The Competitive Threat To Cable Many Thought It Would Be; + more news MS.Wants Records From AT&T On $300M Project; Google Fiber Outages In Austin, Houston, Other Texan Cities; + more news States With The Biggest Decreases In Speed; AT&T Hopes You'll Forget Its Fight Against Accurate Maps; + more news AT&T's CEO Has A Familiar $olution To US Broadband Woes; EarthLink Files Suit Against Charter; + more news 5G Doesn't Live Up To Hype, AT&T's 5G Slower Than Its 4G; Cord-Cutting Now In 37% of Broadband Households; + more news FCC Cited False Broadband Data Despite Warnings; ZTE, Huawei Replacement Cost Is $1.87B, But Only $1B Allocated; + more Cogeco Rejects Altice USA's Atlantic Broadband Bid; AT&T Is Astroturfing The FCC In Support Of Trump Attack; + more news ---------------------- this week last week most discussed

Most recommended from 14 comments

techguru308

join:2016-05-19

Cincinnati, OH 17 recommendations techguru308 Member Their needs to be laws passed for accountability. The congress is going to have to make laws holding company's financially if not criminally accountable for careless practices that lead to customer data being publicly exposed. I am going to change all of my email and My TWC passwords since they could be compromised. anonymouse

join:2001-05-28

Littleton, CO 3 edits 12 recommendations anonymouse Member Hold individuals, not companies, at the very top liable Until there is individual accountability, there will NEVER be a good solution to this issue.

Meaning, finding Charter as a company liable for it will result in Charter paying a fine, impacting shareholders who foot the bill. Next, nothing happens.



Instead, hold CEOs/CIOs/etc. accountable for any data breaches. Make it an individual liability, crime.

It will definitely result in better security of our data, since folks at the top will be afraid of going to jail, or paying hefty fines, etc.

techfury90

join:2015-03-03

Carrboro, NC 4 recommendations techfury90 Member Outsourcing... And the real crux of it is Broadsoft's poor practices. This is the downside of outsourcing, people: you have little to no clue how good /their/ security practices really are.

DocDrew

Try Everything!

Premium Member

join:2009-01-28

SoCal 93.2 20.1

Ubee E31U2V1

Technicolor TC4400

ARRIS TG1672

3 recommendations DocDrew Premium Member This happened to TWC last year too...

»www.cyberdefensemagazine ··· stomers/



It was never disclosed then how it happened. I wonder if it was the same problem back then:

Time Warner Cable security breach may have exposed 320K customers said by Cyber Defense Magazine article : “The company is now working with the FBI, which first informed them of the stolen emails and passwords, all (at least all that were reported to TWC) belonging to the Roadrunner service.Customers with emails ending in “@rr.com” may be affected and should be receiving communications from TWC shortly with indications on how to reset passwords.” states a NBC News report” The TWC spokesperson indicated that data provided by the FBI was part of a wider disclosure including other ISPs. NBC News will update this story if more providers or services are found to have been affected”



It’s not clear how attackers have accessed customer information, the Time Warner Cable denied that its systems have been hacked.



In a statement provided to NBC News, the TWC said “there are no indications that TWC’s systems were breached,”



The company speculates data have been accessed via phishing campaigns or collected through other data breaches of other companies. Happened in January of last year too:It was never disclosed then how it happened. I wonder if it was the same problem back then:Time Warner Cable security breach may have exposed 320K customers