The Archives are more than 600GB in size, were found on August 24 by the Kromtech Security Center while its researchers were reviewing an irrelevant data breach at World Wrestling Entertainment. Two Amazon S3 buckets were finally found and connected to BroadSoft, a global communications company that associates with service providers, including AT&T and TWC.
Not all of the TWC archives included information about individual customers. Some included duplicative data, determining the breach finally exposed less than four million customers. Due to the size of the reserve, however, the researchers could not directly say precisely how many were affected. The leaked data included usernames, emails addresses, MAC addresses, device serial numbers, and financial transaction data though it does not seem that any Social Security numbers or credit card information were exposed.
Time Warner Cable was acquired by Charter Communications last year and is now called Spectrum, though the leaked documents date back from this year to at least 2010.
Other databases published billing addresses, phone numbers, and other communication info for at least hundreds of thousands of TWC subscribers. The servers also included a slew of internal company records, including SQL database dumps, internal emails, and code including the credentials to an unknown number of external systems..
A leak of managerial credentials typically heightens the risk of more systems and sensitive elements being compromised. But Kromtech did not try to access or review any of the password protected data, and so the contents of any other servers probably vulnerable remain unknown.
CCTV footage, probably of BroadSoft’s workers in Bengaluru, India where the violation is believed to have originated was also discovered on the Amazon bucket.
“We see more and more cases of how bad actors use leaked or hacked data for a range of crimes or other immoral purposes,” said Bob Diachenko, Kromtech’s chief communications officer. “In this case engineers inadvertently leaked not only customer and partner data but also private credentials that criminals could easily use to monitor or access company’s network and infrastructure.”