Last month, there was discovered an unprotected Amazon server with tons of precious data on it. At a closer look, authorities identified four million records. Each of them contained personal information of Time Warner Cable clients. There were 600 GB of customer data.
The Leaked Time Warner Cable Customer Data Contained Financial Information as Well
On August 24, the Kromtech Security Center had its employees research a data breach at World Wrestling Entertainment. However, they found during their routine an Amazon server filled with vulnerable data. These files were all pertaining to BroadSoft, a global communication firm, which supports partnerships with AT&T and Time Warner Cable. The leaked information regarded 4 million of TWC customers.
On the other hand, the two Amazon S3 buckets also contained duplicate information meaning that there were less than 4 million people exposed to cyber threats. On top of that, the large size of the discovered files impaired researchers from learning the exact number of exposed persons.
Nonetheless, the cache offered access to numerous email addresses, user names, device serial numbers, MAC addresses, and others. Unfortunately, financial transaction details were also among featured information. On the other hand, there were no leaks of credit card numbers or Social Security information.
Kromtech Believes Engineers from Indian Headquarters Made Customer and Partner Files Vulnerable by Accident
In 2016, Charter Communications became the owner of Time Warner Cable and changed its name into Spectrum. However, the available records were dating from both eras. The oldest leaked details were from 2010, and the cache contained even recent customer data. On top of that, there were also security camera footages of BroadSoft’s employees in Bengaluru, India. This is also where people on the case suspect the origin of the leak to be from.
Kromtech’s chief communication officer, Bob Diachenko, claimed that there were engineers from the Indian headquarters who accidentally leaked partner and customer data. Due to this incident, cyber attackers would have had numerous opportunities to inflict harm both at the level of enterprise and society.
“We see more and more examples of how bad actors use leaked or hacked data for a range of crimes or other unethical purposes.”
Time Warner Cable customers received a private notification before the company published the update. On the other hand, a BroadSoft spokesperson believes that the vulnerable data didn’t feature sensitive details. On top of that, there is no sign that any malicious party accessed the cache.
Image source: 1