Customer data for Charter Communications’ units left unprotected online
02 Sep 2017
Customer data for units of Charter Communications Inc and other companies was left unprotected online in data stockpiles that Broadsoft Inc kept online, security company Kromtech Alliance Corp wrote yesterday on a company blog.
A researcher for Kromtech came across the records of over four million customers of Charter division Time Warner Cable and other companies' data that, according to the research firm, Broadsoft were stored on Amazon.com Inc's cloud service.
"The two repositories contained thousands and thousands [of] records and reports for a number of Broadsoft clients, with Time Warner Cable (TWC) appearing to be the most prominent," Kromtech's Bob Diachenko wrote in a blog.
The data "was configured to allow public access and exposed extremely sensitive data" such as usernames, email addresses, credentials and in a number of cases billing addresses and phone numbers.
The records went far so far back as November 2010, and predated Charter's 2016 acquisition of Time Warner Cable for $78.7 billion, including assumed debt.
"This would allow anyone with an internet connection to access extremely sensitive documents," Diachenko blogged. "Not only could they access the documents but any 'Authenticated Users' could have downloaded the data from the URL or using other applications. With no security in place just a simple anonymous login would work." The data was secured after Kromtech intimated BroadSoft and Charter.
According to Kromtech, the BroadSoft data was improperly configured to allow public access in AWS.
According to Kromtech, the data mostly appeared related to Time Warner Cable, Bright House Networks and AMC Networks.
One of the files contained over 4 million records including usernames, account numbers, transaction IDs and other info spanning 26 November, 2010, to 7 July, 2017.
Kromtech found billing addresses, phone numbers and other information for hundreds of thousands of Time Warner Cable customers in other repositories on BroadSoft's AWS.