
SoylentNews is people

posted by Fnord666 on Monday September 11 2017, @02:51PM
from the another-day,-another-unsecured-database dept.

Submitted via IRC for SoyCow5389

Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.

Researchers with security company Kromtech said freelancers who handled web applications for TWC and other companies had left one of its AWS S3 storage bins containing seven years' worth of subscriber data wide open on the 'net. That data included addresses and contact numbers, information about their home gateways, and account settings.

Just before the weekend, Kromtech said the vulnerable AWS instance was operated by BroadSoft, a cloud service provider that had been using the S3 silos to hold the SQL database information that included customer records.

The researchers found that the database included information on four million TWC customers collected between November 26, 2010 and July 7, 2017. The exposed data included customer billing addresses, phone numbers, usernames, MAC addresses, modem hardware serial numbers, account numbers, and details about the service settings and options for the accounts.

A spokesperson for TWC parent company Charter said the telly giant was aware of the cockup, and is notifying the customers who were exposed.

Source: https://www.theregister.co.uk/2017/09/05/twc_loses_4m_customer_records/



 
  • (Score: 2, Insightful) by Anonymous Coward on Monday September 11 2017, @03:26PM (8 children)

    by Anonymous Coward on Monday September 11 2017, @03:26PM (#566243)

    Until these giant companies feel a pang of pain for their stupidity, they'll just keep being stupid.

    They need to PAY and pay a lot; the beneficiaries should be the people whose records were compromised, not some governmental regulatory agency.

  • (Score: 3, Interesting) by Grishnakh on Monday September 11 2017, @04:48PM

    by Grishnakh (2831) on Monday September 11 2017, @04:48PM (#566273)

    Exactly; stupid mistakes like this should cost the company billions in compensation to those whose private information was released.

  • (Score: 3, Insightful) by fustakrakich on Monday September 11 2017, @05:49PM (2 children)

    by fustakrakich (6150) on Monday September 11 2017, @05:49PM (#566289) Journal

    Without a corporate death penalty and seizure of all assets, there is no sufficient compensation. All fines are just part of the costs of doing business. There is no incentive to change behavior under present conditions. We have built a system that is defective by design.

    --
    Politics and criminals are the same thing..
    • (Score: 0) by Anonymous Coward on Monday September 11 2017, @08:03PM (1 child)

      by Anonymous Coward on Monday September 11 2017, @08:03PM (#566353)

      Competition within the market is enough to implement a corporate death penalty for the incorrigible; no specially crafted regulatory law is required.

      • (Score: 0) by Anonymous Coward on Monday September 11 2017, @10:47PM

        by Anonymous Coward on Monday September 11 2017, @10:47PM (#566452)

        Yeah, I'm sure that all zero of TWC's competitors are scrambling to exploit this event.

  • (Score: 5, Interesting) by Thexalon on Monday September 11 2017, @05:50PM (1 child)

    by Thexalon (636) on Monday September 11 2017, @05:50PM (#566290)

    If I were going to push a law in response to this and the Equifax breach, it would be this: Require insurance against the potential leak of consumer data for all businesses that handle it. There's obviously a risk here, and the way to manage risks under capitalism is to have insurance.

    This would help in several ways:
    1. Companies would now have a reason not to hang onto every little detail they can. By creating a cost for storing the fact that Joe Schmoe bought canned apricots on September 13 last year, you encourage them not to.
    2. The insurance companies will want to reduce the chance they pay out, and will likely create all sorts of rules and incentives to follow, e.g. "we will perform a quarterly penetration test" or "10% discount for participating in our code security review program".
    3. Now when the techies say "We need X amount of time to improve security", they can make the argument "... because if we do, our security breach insurance rates will go down $Y", which means management is more likely to approve the time.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 2) by arslan on Tuesday September 12 2017, @02:26AM

      by arslan (3462) on Tuesday September 12 2017, @02:26AM (#566509)

      You'd think with all the vulture lawyers scurrying around that all these breaches are ripe for a privacy-based class action suit to milk 'em idiots dry...

      something is amiss...

  • (Score: 0) by Anonymous Coward on Monday September 11 2017, @06:31PM

    by Anonymous Coward on Monday September 11 2017, @06:31PM (#566309)

    not some governmental regulatory agency.

    So you agree taxes should be raised to cover the enforcement?

    Million people getting $1.25 won't be thrilled. But if their agency got a cool million they actually could do their work...

  • (Score: 2) by VLM on Monday September 11 2017, @10:48PM

    by VLM (445) Subscriber Badge on Monday September 11 2017, @10:48PM (#566453)

    these giant companies

    That is an interesting side effect related to merger mania where nobody benefits from mergers but the middlemen.

    There's a nice deli by me, if they got powned, assuming they store any data (why?) rather than four million records it would be like four thousand absolute tops....

    Smaller security breaches is one of the many benefits of enforcing anti-monopoly laws.