Millions of TWC Sensitive Records Potentially Exposed Online by Cloud-Provider BroadSoft
Millions of sensitive records from Time Warner Cable and other companies were among the 600 GB of sensitive files potentially leaked online by cloud-based communications provider BroadSoft, said security vendor Kromtech last week. Two accidentally leaked repositories contained thousands of…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
records for several Broadsoft clients, with TWC being the "most prominent," blogged Bob Diachenko, Kromtech chief communications officer. One text file contained more than 4 million records from TWC and Bright House Networks -- rebranded as Spectrum and also now part of Charter Communications -- from 2010 to this year, "with Transaction ID, user names, Mac addresses, Serial Numbers, Account Numbers, Service, Category details, and more," he wrote. Other databases have billing addresses, phone numbers and other data for hundreds of thousands of TWC customers, he said. Diachenko said the leaked data also included internal credentials that criminals could use to track and access company's network and infrastructure. "Upon discovery, the information was removed immediately by the vendor, and we are currently investigating this incident with them," emailed a Charter spokesman Tuesday, saying the "MyTWC app" potentially became visible to external sources. He said there's no indication the company's systems were affected. He said Charter encourages customers who use the app to change user names and passwords. A BroadSoft spokeswoman emailed the company was notified that "a third-party cloud storage site containing internal BroadSoft documentation and end-user customer data was exposed to the public internet." The data didn't include bank or credit card information or Social Security numbers, and the information was secured once BroadSoft was notified, she said. "BroadSoft core IT and cloud unified communication infrastructures were not exposed or compromised."