Stories
Slash Boxes
Comments

SoylentNews is people

Yet Another AWS Config Fumble: Time Warner Cable Exposes 4 Million Subscriber Records

posted by Fnord666 on Monday September 11 2017, @02:51PM   Printer-friendly
from the another-day,-another-unsecured-database dept.

MrPlow writes:

Submitted via IRC for SoyCow5389

Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.

Researchers with security company Kromtech said freelancers who handled web applications for TWC and other companies had left one of its AWS S3 storage bins containing seven years' worth of subscriber data wide open on the 'net. That data included addresses and contact numbers, information about their home gateways, and account settings.

Just before the weekend, Kromtech said the vulnerable AWS instance was operated by BroadSoft, a cloud service provider that had been using the S3 silos to hold the SQL database information that included customer records.

The researchers found that the database included information on four million TWC customers collected between November 26, 2010 and July 7, 2017. The exposed data included customer billing addresses, phone numbers, usernames, MAC addresses, modem hardware serial numbers, account numbers, and details about the service settings and options for the accounts.

A spokesperson for TWC parent company Charter said the telly giant was aware of the cockup, and is notifying the customers who were exposed.

Source: https://www.theregister.co.uk/2017/09/05/twc_loses_4m_customer_records/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Yet Another AWS Config Fumble: Time Warner Cable Exposes 4 Million Subscriber Records | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by fustakrakich on Monday September 11 2017, @05:49PM (2 children)

    by fustakrakich (6150) on Monday September 11 2017, @05:49PM (#566289) Journal

    Without a corporate death penalty and seizure of all assets, there is no sufficient compensation. All fines are just part of the costs of doing business. There is no incentive to change behavior under present conditions. We have built a system that is defective by design.

    --
    La politica e i criminali sono la stessa cosa..
    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Monday September 11 2017, @08:03PM (1 child)

    by Anonymous Coward on Monday September 11 2017, @08:03PM (#566353)

    Competition within the market is enough to implement a corporate death penalty for the incorrigible; no specially crafted regulatory law is required.

    • (Score: 0) by Anonymous Coward on Monday September 11 2017, @10:47PM

      by Anonymous Coward on Monday September 11 2017, @10:47PM (#566452)

      Yeah, I'm sure that all zero of TWC's competitors are scrambling to exploit this event.