If you used the TV provider's mobile app, you were vulnerable.

Verizon isn't the only big US telecom whose corporate ally left customer data out in the open. MacKeeper developer Kromtech has discovered that BroadSoft, a frequent partner to service providers, was storing over 4 million Time Warner Cable customer records on Amazon cloud servers without a password. The records, which stemmed from the MyTWC mobile app, date as far back as November 2010 -- years before Charter bought TWC. The information included email addresses, user names, financial transactions (though there's no indication of credit card data) and billing addresses. There was even closed-circuit camera footage from BroadSoft's Indian offices, as if to rub salt in the wound.

You might not need to panic. BroadSoft tells Gizmodo that it locked down its Amazon data (Charter says it was taken down) and hasn't seen evidence that intruders accessed the information. Both BroadSoft and Charter say they're investigating and will take extra steps to address the situation if necessary. To be on the safe side, though, Charter is recommending that MyTWC owners change their user names and passwords.

The exposure didn't include extremely sensitive info like credit card data or social security numbers, so the potential damage is relatively limited. However, it's not so much the specific threat as that the data was left exposed in the first place. It shows that companies are still making rookie mistakes when handling data, and suggests that they need to implement more stringent (and importantly, continuous) oversight of their partners to keep your data secure.

Source:
courtesy of ENGADGET

by Jon Fingas

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]