Advertisement

Millions of Time Warner Cable customer’s information exposed after data leak

Security outfit Kromtech says files that vendor Broadsoft kept online were vulnerable

Reading Time:2 minutes
Why you can trust SCMP
A Time Warner Cable truck is parked in New York. Photo: AP/Mark Lennihan

By Giovanni Bruno

Advertisement

Customer data for units of Charter Communications Inc. and other companies was left unprotected online in data stockpiles that Broadsoft Inc. kept online, security company Kromtech Alliance Corp. wrote on a company blog.

A researcher for Kromtech discovered records for more than four million customers of Charter division Time Warner Cable and other companies’ data that the research firm says Broadsoft stored on Amazon.com Inc.’s cloud service. “The two repositories contained thousands and thousands [of] records and reports for a number of Broadsoft clients, with Time Warner Cable appearing to be the most prominent,” Kromtech’s Bob Diachenko blogged.

The data “was configured to allow public access and exposed extremely sensitive data” such as usernames, email addresses, credentials and in some cases billing addresses and phone numbers. The records went far as back as November 2010, predating Charter’s 2016 acquisition of Time Warner Cable for US$78.7 billion, including assumed debt.

“This would allow anyone with an internet connection to access extremely sensitive documents,” Diachenko blogged. “Not only could they access the documents but any ‘Authenticated Users’ could have downloaded the data from the URL or using other applications. With no security in place just a simple anonymous login would work.” The data was secured after Kromtech reached out to BroadSoft and Charter.

Advertisement

Broadsoft provides cloud voice, messaging, conferencing, document sharing and other services such as outsourced call centres. The company works with 600 communications service providers across 80 countries, according to its web site.

Advertisement