Charter customer data discovered as exposed and password-free on cloud server

Charter Communications sign (use this one)

Charter Communications said it has removed customer data from an Amazon cloud server after a security research company blogged about finding it unprotected on the open internet. 

Kromtech Security Center said it discovered two cloud-based data repositories connected to the MyTWCapp, files maintained by Time Warner Cable software and services vendor BroadSoft, Inc. Charter closed its $49 billion purchase of TWC 15 months ago. Tech publication Gizmodo is being credited for first discovering the Kromtech post. 

According to Kromtech, more than 600 gigabytes of data, including user names, Mac addresses and account numbers, was discovered on Aug. 24, not protected by password. More than 4 million legacy TWC customers were affected. The data dated back to at least 2010.

FREE DAILY NEWSLETTER

Like this story? Subscribe to FierceVideo!

The Video industry is an ever-changing world where big ideas come along daily. Cable, Media and Entertainment, Telco, and Tech companies rely on FierceVideo for the latest news, trends, and analysis on video creation and distribution, OTT delivery technologies, content licensing, and advertising strategies. Sign up today to get news and updates delivered to your inbox and read on the go.

“A vendor has notified us that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter said in a statement to Gizmodo. 

Charter said it removed the data immediately after it was informed of the breach and is investigating the matter. 

“There is no indication that any Charter systems were impacted,” Charter added. “We encourage customers who used the MyTWC app to change their user names and passwords. Protecting customer privacy is of the utmost importance to us. We apologize for the frustration and anxiety this causes, and will communicate directly to customers if their information was involved in this incident.”

A BroadSoft spokesperson confirmed the breach but said the company doesn’t believe the data is “highly sensitive.”

Some of the data included camera footage of operations within BroadSoft’s Bengaluru, India offices. 

“We see more and more examples of how bad actors use leaked or hacked data for a range of crimes or other unethical purposes,” said Bob Diachenko, Kromtech’s chief communications officer. “In this case engineers accidentally leaked not only customer and partner data but also internal credentials that criminals could have easily used to monitor or access company’s network and infrastructure.”

Suggested Articles

Amobee is launching a data marketplace for connected TV advertising to provide brands and agencies with access to data for activation across connected TV and…

When Charter and Disney earlier this week announced their new carriage agreement, they included news about cooperatively working against video piracy, which…

Cord cutters who opt for streaming video services instead of traditional pay TV will inevitably increase their broadband consumption. But some new research…