Time Warner Cable subscriber records stored on Amazon server without a password

Posted September 06, 2017

In a blog post, Kromtech said the data it had found was about users of Time Warner Cable's MyTWC app, which lets customers manage their account via a smartphone or tablet.

The breach was discovered by a third-party firm that was working to resolve a data breach at another company.

The breach was eventually linked to BroadSoft Inc, a communications company that partners with service providers, including AT&T and TWC, Gizmodo said.

The 4 million TWC records are not all tied to unique customers, meaning 4 million individual people were not exposed by the breach. Some of the exposed details include financial transaction information, email addresses, and usernames.

Charter Communications acquired Time Warner Cable last year and is now called Spectrum, though the leaked records range from at least 2010 to this year.

Some databases had phone numbers, billing addresses and additional contact info for hundreds of thousands of TWC subscribers.

The servers also contained internal company records, including SQL database dumps, internal emails, and code containing the credentials to an unknown number of external systems.

Kromtech Security Center discovered more than 600GB worth of files on an unsecured Amazon server on August 24, Gizmodo reports.

The BroadSoft data was improperly configured in AWS, which allowed public access, Kromtech said.

They discovered two repositories hosted using Amazon's S3 cloud storage service, neither requiring a password for access.

BroadSoft later told Gizmodo that it locked down its Amazon data (Charter says it was taken down) and has not seen evidence that intruders accessed the information.

BroadSoft could not be immediately reached for comment.

It appears that many of the affected customers were also using the Time Warner Cable smartphone app.

"We continue to work closely with our customers to ensure the privacy of their data and to assure them that their information and that of their end-users is secure", it added. On the other hand, a BroadSoft spokesperson believes that the vulnerable data did not include sensitive details. While it's unclear how many of the customers are still current subscribers, if you happen to be a TWC (now Charter Spectrum) customer, it's a good idea to be on the lookout for any suspicious activity related to any of your accounts for the immediate future. "We apologize for the frustration and anxiety this causes, and will communicate directly to customers if their information was involved in this incident".