Millions of Time Warner Cable Subscribers Exposed in Data Breach
A third-party vendor for Time Warner, now operating as Spectrum, has accidentally exposed nearly four million customer records, according to Kromtech Security Center.
Researchers at Kromtech found the customer records on two cloud-based servers operated by Spectrum’s vendor BroadSoft. The information, which was unprotected and visible to the public, contained user account information from November 10, 2010 to July 7, 2017, including user names, account numbers, email addresses, transaction information and internal information, such as employee server login credentials. Subscribers who used the MyTWC app seemed most at-risk.
“They used Amazon’s cloud but misconfigured it by leaving it accessible. Amazon AWS buckets are protected by default but somehow were left publically available. It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an internet connection to access extremely sensitive documents,” Kromtech wrote.
Kromtech alerted BroadSoft of their discovery on August 29 but waited to post their findings publicly until BroadSoft could privately notify its customers.
Charter Communications, which owns Spectrum, has confirmed the breach and is urging subscribers with the MyTWC app to change their user names and passwords. The company does not believe that Social Security numbers or payment card details were exposed.
Kromtech discovered the breach while they were investigating an unrelated data breach at World Wrestling Entertainment, according to Gizmodo.