The breach was discovered by a third party firm that was working to resolve a data breach at another company. The leaked information regarded 4 million of TWC customers. But due to the size of the cache, however, the researchers could not immediately say precisely how many were affected.
While Charter acquired Time Warner Cable in a $79 billion blockbuster deal last year, the data collected and exposed ranges from before the deal (2010) until this year - and also includes some data from Bright House Networks and AMC.
Other databases revealed billing addresses, phone numbers and other contact inform for at least hundreds of thousands of TWC subscribers. The servers also contained a slew of internal company records, including SQL database dumps, internal emails, and code containing credentials (usernames and passwords) to external systems-information that could've been used to uncover additional sensitive subscriber records.
The S3 buckets were accidentally configured to allow public access, potentially allowing anyone with the URL to access and download the sensitive data. One of those needs, for Time Warner at least, was storing customer data, and BroadSoft chose to accomplish that task by dumping it into an Amazon server bucket with no password. While it's unclear how numerous customers are still current subscribers, if you happen to be a TWC (now Charter Spectrum) customer, it's a great idea to be on the lookout for any suspicious activity related to any of your accounts for the immediate future.
It appears as though numerous customers who are affected were also using the Time Warner Cable smartphone app.
Representatives of BroadSoft did not immediately respond to a query. On the other hand, a BroadSoft spokesperson believes that the vulnerable data didn't feature sensitive details. As a general security measure, we encourage customers who used the My TWC app to change their user names and passwords.
The report notes that there were four million different records included in the exposure, but given than many records may have belonged to the same individual users, the total tally of impacted customers is unclear.