More than four million Time Warner Cable records exposed in leak

Ann Santiago
September 6, 2017

Details related to more than 4 million Time Warner Cable customers were exposed online in a major data breach, according to a report from Kromtech Security, but it was a partner of the U.S. cable operator, rather than TWC itself, that was at fault, according to the security export.

The breach was eventually linked to BroadSoft Inc, a communications company that partners with service providers, including AT&T (NYSE:) and TWC, Gizmodo said. In some cases, there were duplicated records, implying that the 4 million leaks may be half.

It added: "The situation is rectified, and we have initiated steps to inform the individuals affected by this breach".

Other databases included billing addresses, phone numbers and other contact information. There were also some internal company records like credentials for external systems, internal emails, and SQL database dumps.

On August 24, the Kromtech Security Center had its employees research a data breach at World Wrestling Entertainment.


"Even if companies realise they've accidentally published sensitive data via Amazon and locked up their data buckets, there is always the risk that Google has already indexed and cached the information", Mr Cluley said. One of those needs, for Time Warner at least, was storing customer data, and BroadSoft made a decision to accomplish that task by dumping it into an Amazon server bucket with no password.

One of the files contained over 4 million records including usernames, account numbers, transaction IDs and other info spanning 26 November 2010 to 7 July 2017.

More than 600 gigabytes of files left unsecured on an Amazon server by third-party communications company BroadSoft were leaked last month.

BroadSoft confirmed the leak but said it did not believe sensitive data was involved. Both BroadSoft and Charter say they're investigating and will take extra steps to address the situation if necessary.

"We were notified by a vendor that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources". While it's unclear how numerous customers are still current subscribers, if you happen to be a TWC (now Charter Spectrum) customer, it's a great idea to be on the lookout for any suspicious activity related to any of your accounts for the immediate future. As a general security measure, we encourage customers who used the My TWC app to change their user names and passwords.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER