Hackers are a major concern for anyone with a cable, wireless, bank, or social media account — so, basically everyone — but sometimes bad actors don’t even have to actually break into anything in order for companies to leak data on their customers. A new leak affecting millions of Time Warner Cable customers, including over 600GB of private information and sensitive data, was sitting on a completely unsecured Amazon server, and it was put there by the company that’s supposed to be in charge of keeping it safe. Lovely.
The leak, which was first discovered by Kromtech Security Center, is an absolutely inexcusable mistake on the part of BroadSoft, Inc. BroadSoft partners with companies like tiem Warner Cable to manage their communications and cloud data needs. One of those needs, for Time Warner at least, was storing customer data, and BroadSoft decided to accomplish that task by dumping it into an Amazon server bucket with no password.
The leaked data includes a wealth of information in its four million (or so) records. “[The dump] contains more than 4 million records, spanning the time period 11-26-2010 – 07-07-2017, with Transaction ID, user names, Mac addresses, Serial Numbers, Account Numbers, Service, Category details, and more,” Kromsoft writes in its security notice. “Other databases also have billing addresses, phone numbers etc. for hundreds of thousands of TWC customers.”
It appears as though many of the customers who are affected were also using the Time Warner Cable smartphone app. While it’s unclear how many of the customers are still current subscribers, if you happen to be a TWC (now Charter Spectrum) customer, it’s a great idea to be on the lookout for any suspicious activity related to any of your accounts for the immediate future.