Categories: Security

Data On ‘Millions’ Of Time Warner Cable Customers Leaked

Millions of records containing the personal details of Time Warner Cable (TWC) customers have been discovered in a publicly accessible storage repository.

Security researchers at Kromtech, which makes the MacKeeper antivirus software, said they discovered the data on 24 August while researching another leak involving World Wrestling Entertainment (WWE).

Amazon S3 buckets exposed

They discovered two repositories hosted using Amazon’s S3 cloud storage service, neither requiring a password for access.

The repositories were linked to BroadSoft, a US-based company with offices worldwide that provides services to large communications companies including AT&T, Sprint and Vodafone.

TWC, which was acquired by Charter Communications last year and is now called Spectrum, said the data related to users of the MyTWC mobile application used to remotely manage accounts, which was developed by BroadSoft.

“We were notified by a vendor that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter said in a statement.

The company said the data had been removed and the incident was being investigated.

Personal data

“We encourage customers who used the MyTWC app to change their user names and passwords,” Charter stated.

The data included usernames, email addresses, MAC addresses, device serial numbers and financial transaction information, although it doesn’t appear that social security numbers or credit card information was involved.

Other databases included billing addresses, phone numbers and other contact information.

One of the databases contained four million records relating to customers, but some were duplicates, meaning less than four million individual users were likely to have been affected.

Kromtech said it would take “weeks” to sort through the files, which amount to more than 600 GB of data.

The repositories also included internal company records, including SQL database dumps, internal emails and code containing the credentials for accessing external systems and access logs.

Loading ...

Inadvertent leaks

“These are all things that should not be publicly available online,” Kromtech said in an advisory.

BroadSoft confirmed the leak but said it did not believe sensitive data was involved. The company said it was investigating.

Inadvertent data leaks have become more frequent as it becomes more common for companies to make use of cloud-based service providers, whose data is accessible by anyone unless protections are in place.

In July it was disclosed that Verizon had exposed data on about 6 million customers by misconfiguring an Amazon S3 bucket, and similar incidents have affected voter information held by the Republican National Committee (RNC) and customer data exposed by wrestling entertainment company WWE.

The RNC breach, disclosed in June, affected more than 198 million people, or about 61 percent of the US population, and was the country’s largest-ever voter data exposure.

Last month Amazon announced a machine learning-based tool aimed at spotting such security lapses. ‘Macie’, a fully managed service, scans users’ data repositories for sensitive data including personal information or intellectual property and uses machine learning to establish a baseline for how it’s typically accessed. The system then generates alerts when it detects unauthorised access or inadvertent data leaks.

Ironically, Kromtech itself was the subject of a data leak in December 2015, when researcher Chris Vickery discovered the company had left 21 GB of customer data exposed on servers that required no authentication and were open to external connections.

How well do you know the cloud? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

22 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

23 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

24 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago