Four million personal records of Time Warner cable customers were exposed.
Customer data for units of Charter Communications Inc. and other companies was left unprotected online in data stockpiles that Broadsoft Inc. kept online, security company Kromtech Alliance Corp. wrote on a company blog.
It came across two Amazon servers linked to global communications company BroadSoft, a TWC partner, the report said.
"We see more and more examples of how bad actors use leaked or hacked data for a range of crimes or other unethical purposes", Bob Diachenko, Kromtech's chief communications officer said.More news: Andrew Luck 'unlikely' to play Week 1
The records went far as back as November 2010, predating Charter's 2016 acquisition of Time Warner Cable for US$78.7 billion, including assumed debt.
There are some databases that had phone numbers, billing addresses and additional contact info for hundreds of thousands of TWC subscribers.
The exposed repository also contained a trove of internal company records including SQL database dumps, internal emails, codes with access credentials, access logs and more.
Researchers said they discovered the data repositories during their investigation into the unrelated World Wrestling Entertainment (WWE) data leak.More news: IFA 2017: Huawei reveals low-power Kirin 970 mobile AI chipset
"Even if companies realise they've accidentally published sensitive data via Amazon and locked up their data buckets, there is always the risk that Google has already indexed and cached the information", Mr Cluley said.
As the report is quick to note, Time Warner Cable isn't alone when it comes to leaving customer and company data exposed on Amazon cloud servers.
The data included usernames, email addresses, MAC addresses, device serial numbers and financial transaction information, although it doesn't appear that social security numbers or credit card information was involved.
It appears as though numerous customers who are affected were also using the Time Warner Cable smartphone app.More news: Super Eagles victory was down to prayers - Governor Udom
There's no indication yet that happened, but Kromtech is quick to state it will take some time and plenty of leg work to determine the impact and breadth of the exposure. As a general security measure, we encourage customers who used the My TWC app to change their user names and passwords. Engineers are deemed to have accidentally leaked not only partner data but also internal sensitive data to malicious individuals. Upon discovery, the information was removed immediately by the vendor, and we are now investigating this incident with them.
- US Open: Pablo Carreno Busta beats Denis Shapovalov to reach quarter-finals
- Christie slams Ted Cruz, calls him 'disgusting' while talking hurricane relief
- Zambia cut Super Eagles' lead in Group B with win over Algeria
- Marvell Technology Group Ltd. (MRVL) Given Buy Rating at Oppenheimer Holdings, Inc
- Froome ticks off another summit finish to boost historic Vuelta bid
- All Myanmar Muslims suffering state-backed persecution: Rights group
- Vacancies prompt state police to offer abbreviated academy
- Trump to nominate GOP Rep. Bridenstine as NASA chief
- Duke & Duchess of Cambridge expecting their third child
- Foster warns over powersharing talks as Brokenshire meets parties at Stormont