Another unsecured AWS S3 bucket exposed 4 million Time Warner Cable subscriber records

Experts reported that the AWS S3 storage containing subscriber data was left open by freelancers who handled web applications for the Time Warner Cable.

A few days ago, researchers discovered of thousands of resumes of US Military and intel contractors left unsecured on an Amazon server, now roughly four million Time Warner Cable customers in the US were exposed by a contractor that left them openly accessible on an Amazon AWS S3 bucket.

The unsecured Amazon storage was discovered by researchers at security firm Kromtech, it was left open on the Internet by BroadSoft, one of the top companies that provides cloud-based unified communications.

“One of the top companies that provides cloud-based unified communications has just leaked more than 600GB of sensitive files online. The Kromtech Security Center has discovered not just one but two cloud-based file repositories (AWS S3 buckets with public access) that appear to be connected to the global communication software and service provider BroadSoft, Inc.” states the blog post published by Kromtech.

“They have created an infrastructure for cloud unified communications tools that can be service provider hosted or cloud hosted by BroadSoft. The publically traded company has over 600 service providers across 80 countries and supports millions of subscribers according to their website. Their partners are some of the biggest names in the communication business, telecom, media, and beyond, including Time Warner Cable, AT&T, Sprint, Vodafone among many other well known companies. When 25 of the world’s top 30 service providers by revenue all use BroadSoft’s infrastructure and with so many subscribers it is easy to see that this data leak could have a massive reach.”

Kromtech reported that the AWS S3 storage containing subscriber data was left open by freelancers who handled web applications for the Time Warner Cable (TWC) and other companies.

That exposed customer records include addresses and contact numbers, account settings, phone numbers, usernames, MAC addresses, modem hardware serial numbers, account numbers, and other billing info.

Kromtech discovered the repository in late August, administrators forgot to limit access to authorized users only.

“The problem is that the repository was configured to allow public access and exposed extremely sensitive data in the process. They used Amazon’s cloud but misconfigured it by leaving it accessible. Amazon AWS buckets are protected by default but somehow were left publically available.” continues the blog post.

“It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an internet connection to access extremely sensitive documents,” 

The experts discovered in the AWS S3 bucked data belonging to four million Time Warner Cable customers collected between November 26, 2010 and July 7, 2017.

TWC is notifying the data leak to the customers who were exposed, BroadSoft did not return a request for comment.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – data leak, Time Warner Cable)

[adrotate banner=”13″]