Enjoy Better with Time Warner Cable – incredibly fast Internet, high-def TV and crystal-clear Home Phone for your connected life. TWC WiFi® Coverage Map.
What’s the latest on the web, Time Warner Hacked is what it’s about now as a bad AWS S3 config (once again) exposes the details of approximately 4 Million subscribers.
This follows not long after the Instagram API leaking user contact information and a few other recent leaks involving poorly secured Amazon AWS S3 buckets and I’d hazard a guess that it won’t be the last.
Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.
Researchers with security company Kromtech said freelancers who handled web applications for TWC and other companies had left one of its AWS S3 storage bins containing seven years’ worth of subscriber data wide open on the ‘net. That data included addresses and contact numbers, information about their home gateways, and account settings.
![Time Warner Cable Internet Tv Hack Time Warner Cable Internet Tv Hack](http://samsclass.info/seminars/myspace-idiocy.jpg)
Just before the weekend, Kromtech said the vulnerable AWS instance was operated by BroadSoft, a cloud service provider that had been using the S3 silos to hold the SQL database information that included customer records.
When Kromtech spotted the repository in late August, it realized that databases had been set to allow public access, rather than limit access to administrators or authorized users.
“It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an internet connection to access extremely sensitive documents,” Kromtech’s Bob Diachenko said.
This is also not the first Data Leak to involve a poorly secured Amazon S3 bucket (to be fair, AWS IAM is pretty complex).
Still, that’s no excuse if your people can’t understand it – hire someone who can secure your buckets properly (per app, separate users for each). Too many dev teams just use the root account credentials for accessing everything which is the worse possible way to use S3.
“Not only could they access the documents, but any ‘authenticated users’ could have downloaded the data from the URL or using other applications. With no security in place, just a simple anonymous login would work.”
The researchers found that the database included information on four million TWC customers collected between November 26, 2010 and July 7, 2017. The exposed data included customer billing addresses, phone numbers, usernames, MAC addresses, modem hardware serial numbers, account numbers, and details about the service settings and options for the accounts.
A spokesperson for TWC parent company Charter said the telly giant was aware of the cockup and is notifying the customers who were exposed.
“Upon discovery, the information was removed immediately by the vendor, and we are currently investigating this incident with them,” Charter said. “There is no indication that any Charter systems were impacted. As a general security measure, we encourage customers who used the MyTWC app to change their user names and passwords.”
This Time Warner hack has exposed some pretty juicy information, thankfully no credit card details appear to have been leaked but everything else you need to social engineer an account is there, or even in a worse case scenario to hijack someone’s identity.
It’s also not really surprising to me that it’s been that way for some time (possibly even 7 years?) as by default S3 is publically accessible and if you don’t change it nothing will break so it’s very easily forgotten.
Source: The Register
Bundles that put together internet, phone and TV packages aren’t always what customers are looking for, so Time Warner Cable is working on a plan that could see its internet-only subscribers getting their TV fix in a different way.
Right now, Time Warner Cable is putting forth a trial run that will see some of its internet-only customers opt-in for TV channels, or packages of channels, at a select price per month. Instead of paying the full price for an entire TV deal, which includes hundreds of channels some customers might not watch, this method is meant to give the customer only the channels they want.
According to TWC’s Alix Cottrell, the Vice President for Programming and Content, this trial run is being held only in New York City for now, as the company looks to see if the option is “really easy and straightforward,” before the company plans on rolling it out to other markets. For those that are selected into the trial, they’ll earn themselves a Roku 3 set-top box, and be able to select individual channels, or opt for “skinny” bundles that may include a variety of channels that are similar in scope.
Those in the trial will be able to select up to 300 channels, and some services will be missing, including pay-per-view movies, rentals and DVR functions.
The trial will officially get started on Monday, November 9, and that’s when prices will be finalized and announced. On top of that, Cattrell said that TWC is hard at work on other apps for different platforms, which means it’s possible that Apple TV owners in the future could gain access to this as well.
It’s certainly an interesting move from one of the largest companies in the United States when it comes to internet and/or television, and one that’s similar to the idea of Apple’s streaming television deal that’s rumored to be still in the works.
What do you think of Time Warner Cable’s idea? If you cut the cord, would this be a way you’d consider going back to get your TV content?
[via Engadget]