×
You will be redirected back to your article in seconds

Database Error Leaks 4 Million Time Warner Cable Customer Records Online

A configuration error by one of Time Warner Cable’s vendors left a database containing more than 4 million records with info about the cable operator’s customers publicly available on the internet, according to a security software firm.

BroadSoft, a communication software and service provider used by Time Warner Cable, left more than 600 gigabytes of private files publicly accessible online in two separate Amazon Web Services repositories, Kromtech Alliance’s security research team said Friday in a blog post. The BroadSoft data was improperly configured to allow public access in AWS, according to Kromtech.

Most of exposed data appeared related to Time Warner Cable, Bright House Networks and AMC Networks, according to Kromtech. One of the files contained more than 4 million records including usernames, account numbers, transaction IDs and other info spanning Nov. 26, 2010, to July 7, 2017. Other databases Kromtech was able to access in BroadSoft’s AWS repositories had billing addresses, phone numbers and other information for hundreds of thousands of Time Warner Cable customers.

Time Warner Cable and Bright House were both acquired last year by Charter Communications, which is the second-biggest U.S. cable company after Comcast.

In a statement, Charter said the exposed customer info was removed as soon as it was discovered, and said “there is no indication that any Charter systems were impacted.”

“A vendor has notified us that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter said in a statement. “Upon discovery, the information was removed immediately by the vendor, and we are currently investigating this incident with them.”

BroadSoft emphasized in a statement that the exposed customer data did not include financial info like bank or credit card information or Social Security numbers. “As soon as we recognized the exposure, we immediately began to re-secure the information,” the company said, adding that BroadSoft’s core information-technology and cloud unified communication infrastructures “were not exposed or compromised in this incident.”

Charter said it recommends that customers who have used the MyTWC app change their usernames and passwords. The cable company said it will directly contact customers if it discovers that their information was exposed.

Kromtech said it downloaded the contents of the publicly accessible BroadSoft data “for verification purposes,” noting that it’s unclear if the data was accessed by other unauthorized parties. The company discovered the misconfigured BroadSoft file repositories in AWS in the process of researching an Amazon S3 cloud-based data repository for WWE — containing 3 million customer emails — that was also publicly accessible on the internet.

More Digital

  • BBC Studios Names Anna Cronin Digital

    BBC Studios Names Anna Cronin Digital Content Director (EXCLUSIVE)

    Anna Cronin has been upped to director of digital content at BBC Studios, a new role at the production and distribution arm of the U.K. pubcaster. The position is within BBC Studios’ content partnerships division, which oversees the company’s programming and IP partnerships. Cronin will work with U.K. and international partners, and notably those in [...]

  • Facebook's Oculus Quest Shows How AR

    What the Oculus Quest Can Teach Us About the Future of Mixed Reality

    Facebook’s new Oculus Quest headset is a great gaming device that simplifies virtual reality (VR), doing away with the need for an expensive PC and external tracking hardware. But with its integrated tracking, the Quest can also teach us a thing or two about the future of virtual and augmented reality. Those two areas of [...]

  • snapchat-logo

    Snapchat Takes Down Porn Lenses, May Start Cat-and-Mouse Game

    Snapchat quickly removed a handful of x-rated augmented reality lenses Tuesday, dealing a blow to efforts by adult entertainment company Naughty America to promote its subscriptions to the service’s users. However, the porn studio may not be quite done with Snapchat just yet, as it is still distributing the source files that allow Snapchat users [...]

  • YouTube logo

    Why YouTube Is Changing the Way It Reports Subscriber Counts

    Within the next three months, YouTube will change the way it publicly displays channel subscriber counts: It will provide only rounded figures instead of actual follower numbers. For example, under the change, T-Series — the Indian music-video channel that recently surpassed PewDiePie to become the most-subscribed channel on the platform — would be listed in [...]

  • Phillip Eubanks and Marc Hemeon Join

    Phillip Eubanks and Marc Hemeon Join Troy Carter’s Q&A

    Q&A, the music and tech company founded by former Lady Gaga manager and Spotify exec Troy Carter, today announced the appointments of Phillip Eubanks as Chief Operating Officer (pictured above, right) and Marc Hemeon as Head of Design (left). The pair join Carter, J. Erving (Human Re Sources, Atom Factory), Suzy Ryoo (Atom Factory, OMD) [...]

  • Simran Sethi Quits Netflix India Role

    Simran Sethi Quits Netflix India Role

    Simran Sethi, the Los Angeles-based director of Netflix international originals, responsible for India content, has resigned and will quit after a transition period. Netflix did not comment. Sources familiar with the matter told Variety that Netflix prefers an executive based in India to oversee local original content that has now grown to 11 series and [...]

More From Our Brands

Access exclusive content