Charter website has huge privacy hole, security researcher claims

A young security researcher says he's uncovered a vulnerability in a Charter Communications (NASDAQ: CHTR) customer service site that could expose sensitive customer information.

Speaking to Fast Company, Eric Taylor, 18, said a simple header modification performed with a browser plug-in could reveal details about Charter broadband customers. Taylor said he discovered a similar vulnerability in Verizon's (NYSE: VZ) online customer service system, which allowed outsiders to access phone numbers and device names. 

However, the Charter vulnerability exposed "way, way, way more," he added. 

"In theory, anyone with minor programming skills could code an automated program that scans every Charter IP and returns the customers billing info," Taylor said. 

Responding to Fast Company's story, a Charter rep said "the vast majority" of the company's millions of broadband customers across 26 states were not impacted. In fact, the rep pegged the number of potentially affected customers at less than 1 million. 

The MSO is currently auditing its systems, the rep added, and has found no evidence of any hacks. 

The exposed data did not include credit card numbers, but does include payment details, modem serial numbers, device names, account numbers and home addresses, Fast Company said. 

For more:
- read this Fast Company story

Related articles:
Charter and Bright House agree to move forward with original $10.4B merger deal
Report: Banks ready to go with $24B for Charter's pursuit of TWC
Charter's Rutledge: Merger with TWC would not 'meaningfully change' programming talks