Charter website has huge privacy hole, security researcher claims

A young security researcher says he's uncovered a vulnerability in a Charter Communications (NASDAQ: CHTR) customer service site that could expose sensitive customer information.

Speaking to Fast Company, Eric Taylor, 18, said a simple header modification performed with a browser plug-in could reveal details about Charter broadband customers. Taylor said he discovered a similar vulnerability in Verizon's (NYSE: VZ) online customer service system, which allowed outsiders to access phone numbers and device names. 

However, the Charter vulnerability exposed "way, way, way more," he added. 

"In theory, anyone with minor programming skills could code an automated program that scans every Charter IP and returns the customers billing info," Taylor said. 

Responding to Fast Company's story, a Charter rep said "the vast majority" of the company's millions of broadband customers across 26 states were not impacted. In fact, the rep pegged the number of potentially affected customers at less than 1 million. 

The MSO is currently auditing its systems, the rep added, and has found no evidence of any hacks. 

The exposed data did not include credit card numbers, but does include payment details, modem serial numbers, device names, account numbers and home addresses, Fast Company said. 

For more:
- read this Fast Company story

Related articles:
Charter and Bright House agree to move forward with original $10.4B merger deal
Report: Banks ready to go with $24B for Charter's pursuit of TWC
Charter's Rutledge: Merger with TWC would not 'meaningfully change' programming talks

Sponsored by Dell Technologies

Whitepaper: How to Elevate Your Content Delivery Workflows With Dell EMC PowerScale

Learn how Dell EMC PowerScale helps meet surging viewer demand while reducing costs with a single centralized platform for the ingest, processing, and delivery of the content your viewers love.

Suggested Articles

Antenna, a new startup that provides analytics for subscription-based services, has secured $4.2 million in seed funding from Raine Ventures. 

After earlier this year testing a Watch Party feature for Hulu (No Ads) subscribers, the service is opening the option up to all its customers.

FuboTV, a sports-focused live TV streaming service, has acquired Balto Sports in a move to bolster its position in the online sports wagering market.