Third Party Data Breach Leads to Exposure of Millions of Time Warner Cable Subscriber Records

Media Division | September 1, 2017

Cyber security is a very multi-faceted proposition, as there are numerous factors and parts that need to be taken into account. Neglect or carelessness in any minute part or aspect of cyber security can easily lead to a breach or attack. Breaches can come about in a number of different ways. A malicious hacker may gain access insidiously or through brute force attacks, or an insider could leak information for some reason. Then, there is the inadvertent breach, which is when some portion of security is left out or overlooked. Unfortunately, this has been the case in a large number of recent breaches, and it has occurred once again. This time, it involved millions of Time Warner cable subscriber records being exposed as a result of lacking third-party security.

The Contents of the Leak

To be exact, the breach exposed around 4 million records that contained personal data of cable subscribers. Numerous recent cases of inadvertent breaches have involved unsecured Amazon S3 databases, and this incident is no different. The fault is not in the databases, but rather with the organizations storing their data in them. There were two Amazon buckets involved in this breach that were connected to Broadsoft, which is a third party communications company whose service provider partners include Time Warner and AT&T. Put simply, the breach was a result of negligence, as the databases did not even require a password to access. Meaning, anyone that knew the address of the databases could access them and the data within. Records contained in the databases were not all for individual customers, meaning that it did not actually affect 4 million people. The cache of data totaled up to over 600GB, and included details like usernames, MAC addresses, email addresses, serial numbers of devices, and financial transaction data, although this did not appear to include credit card or Social Security numbers. Some portions also included phone numbers, billing addresses, and other contact data for minimally hundreds of thousands of customers. Also included were some internal company records like internal emails, SQL database dumps, CCTV footage presumed to be of Broadsoft employees in Bengaluru, India, and some code that contained username and password credentials for external systems. Time Warner was recently purchased by Charter, who had rebranded the company as Spectrum, but the records within the database dated back as far as 2010.

As mentioned above, numerous breaches have involved these types of Amazon databases, but not because of the databases themselves. These databases inherently require a password, which means that when they are left without a password, it is the organization’s responsibility. In fact, it generally means that someone had intentionally changed it to open access. This may sometimes be for the purpose of easier internal sharing, but it can be just as simple to have a password that only those requiring access know.

The Value of Data Breach Solutions

With how frequently breaches continue to occur, it is ideal that organizations have proper data breach solutions in place. Obviously, it is most ideal to completely prevent a breach, but organizations should also have a plan of action for the event of a successful breach. This can include factors like plugging the immediate hole, removing leaked data from the web, bolstering security, and notifying those affected. In the case that an organization does not have the necessary resources to thoroughly address all of these factors, they should enlist outside assistance. Improper handling of a data breach can result in much further damages. Massive Alliance offers comprehensive data breach solutions that can help organizations of all types and sizes to come back from a breach. 

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.