Details related to more than 4 million Time Warner Cable customers were exposed online in a major data breach, according to a report from Kromtech Security, but it was a partner of the United States cable operator, rather than TWC itself, that was at fault, according to the security export.
According to Gizmodo, the breached files were discovered last week by Kromtech Security Center while its researchers were investigating an unrelated breach at World Wrestling Entertainment. The breach was eventually linked to BroadSoft, a communications company, whose unit developed the MyTWC app. Broadsoft did not immediately respond to a request for comment.
The TWC record information was not unique for all details exposed, instances of duplicate information, were also seen, meaning the breach ultimately exposed less than four million customers.
"We see more and more examples of how bad actors use leaked or hacked data for a range of crimes or other unethical purposes", said Kromtech's chief communications officer Bob Diachenko in a blog post revealing the breach.
The company wouldn't specify the details of the breach, but Gizmodo reported that about 4 million records were exposed, though that doesn't mean that it involved 4 million individual customers.
The repositories also included internal company records, including SQL database dumps, internal emails and code containing the credentials for accessing external systems and access logs.
In a separate accident, files on thousands of Americans with high level security clearances were found on an unsecured Amazon server.
The S3 buckets were accidentally configured to allow public access, potentially allowing anyone with the URL to access and download the sensitive data.
There's no indication yet that happened, but Kromtech is quick to state it will take some time and plenty of leg work to determine the impact and breadth of the exposure. Protecting customer privacy is of the utmost importance to us. The data was left exposed by Broadsoft, a company that has numerous large ISPs as clients.
The Auburn Police Department said customers who have been with the cable-network since 2010 and have used the MyTWC app are most at risk.
Charter added that after the unblocked server was isolated, Broadsoft got rid of the information and started a joint investigation into the matter.