430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Another unsecured AWS S3 bucket exposed 4 million Time Warner Cable subscriber records

Experts reported that the AWS S3 storage containing subscriber data was left open by freelancers who handled web applications for the Time Warner Cable. A few days ago, researchers discovered of thousands of resumes of US Military and intel contractors left unsecured on an Amazon server, now roughly four million Time Warner Cable customers in the US were […]

Another unsecured AWS S3 bucket exposed 4 million Time Warner Cable subscriber records

Experts reported that the AWS S3 storage containing subscriber data was left open by freelancers who handled web applications for the Time Warner Cable.

A few days ago, researchers discovered of thousands of resumes of US Military and intel contractors left unsecured on an Amazon server, now roughly four million Time Warner Cable customers in the US were exposed by a contractor that left them openly accessible on an Amazon AWS S3 bucket.

The unsecured Amazon storage was discovered by researchers at security firm Kromtech, it was left open on the Internet by BroadSoft, one of the top companies that provides cloud-based unified communications.

“One of the top companies that provides cloud-based unified communications has just leaked more than 600GB of sensitive files online. The Kromtech Security Center has discovered not just one but two cloud-based file repositories (AWS S3 buckets with public access) that appear to be connected to the global communication software and service provider BroadSoft, Inc.” states the blog post published by Kromtech.

“They have created an infrastructure for cloud unified communications tools that can be service provider hosted or cloud hosted by BroadSoft. The publically traded company has over 600 service providers across 80 countries and supports millions of subscribers according to their website. Their partners are some of the biggest names in the communication business, telecom, media, and beyond, including Time Warner Cable, AT&T, Sprint, Vodafone among many other well known companies. When 25 of the world’s top 30 service providers by revenue all use BroadSoft’s infrastructure and with so many subscribers it is easy to see that this data leak could have a massive reach.”

Time Warner Cable

Kromtech reported that the AWS S3 storage containing subscriber data was left open by freelancers who handled web applications for the Time Warner Cable (TWC) and other companies.

That exposed customer records include addresses and contact numbers, account settings, phone numbers, usernames, MAC addresses, modem hardware serial numbers, account numbers, and other billing info.

Kromtech discovered the repository in late August, administrators forgot to limit access to authorized users only.

“The problem is that the repository was configured to allow public access and exposed extremely sensitive data in the process. They used Amazon’s cloud but misconfigured it by leaving it accessible. Amazon AWS buckets are protected by default but somehow were left publically available.” continues the blog post.

“It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an internet connection to access extremely sensitive documents,” 

The experts discovered in the AWS S3 bucked data belonging to four million Time Warner Cable customers collected between November 26, 2010 and July 7, 2017.

TWC is notifying the data leak to the customers who were exposed, BroadSoft did not return a request for comment.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – data leak, Time Warner Cable)

[adrotate banner=”13″]