
SoylentNews is people

posted by Fnord666 on Monday September 11 2017, @02:51PM
from the another-day,-another-unsecured-database dept.

Submitted via IRC for SoyCow5389

Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.

Researchers with security company Kromtech said freelancers who handled web applications for TWC and other companies had left one of its AWS S3 storage bins containing seven years' worth of subscriber data wide open on the 'net. That data included addresses and contact numbers, information about their home gateways, and account settings.

Just before the weekend, Kromtech said the vulnerable AWS instance was operated by BroadSoft, a cloud service provider that had been using the S3 silos to hold the SQL database information that included customer records.

The researchers found that the database included information on four million TWC customers collected between November 26, 2010 and July 7, 2017. The exposed data included customer billing addresses, phone numbers, usernames, MAC addresses, modem hardware serial numbers, account numbers, and details about the service settings and options for the accounts.

A spokesperson for TWC parent company Charter said the telly giant was aware of the cockup, and is notifying the customers who were exposed.

Source: https://www.theregister.co.uk/2017/09/05/twc_loses_4m_customer_records/


  • (Score: 5, Interesting) by Thexalon on Monday September 11 2017, @05:50PM (1 child)


    If I were going to push a law in response to this and the Equifax breach, it would be this: Require insurance against the potential leak of consumer data for all businesses that handle it. There's obviously a risk here, and the way to manage risks under capitalism is to have insurance.

    This would help in several ways:
    1. Companies would now have a reason not to hang onto every little detail they can. By creating a cost for storing the fact that Joe Schmoe bought canned apricots on September 13 last year, you encourage them not to.
    2. The insurance companies will want to reduce the chance they pay out, and will likely create all sorts of rules and incentives to follow, e.g. "we will perform a quarterly penetration test" or "10% discount for participating in our code security review program".
    3. Now when the techies say "We need X amount of time to improve security", they can make the argument "... because if we do, our security breach insurance rates will go down $Y", which means management is more likely to approve the time.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
  • (Score: 2) by arslan on Tuesday September 12 2017, @02:26AM


    You'd think with all the vulture lawyers scurrying around that all these breaches are ripe for a privacy-based class action suit to milk 'em idiots dry...

    something is amiss...