At a closer look, authorities identified four million records. BroadSoft partners with companies like tiem Warner Cable to manage their communications and cloud data needs.
Hackers are a major concern for anyone with a cable, wireless, bank, or social media account - so, basically everyone - but sometimes bad actors don't even have to actually break into anything in order for companies to leak data on their customers.
In addition, last month Amazon started sending warnings to its AWS users if it found they had uploaded data that anyone could see. These files were all pertaining to BroadSoft, a global communication firm, which supports partnerships with AT&T and Time Warner Cable.
The TWC record information was not unique for all details exposed, instances of duplicate information, were also seen, meaning the breach ultimately exposed less than four million customers.
Nonetheless, the cache offered access to numerous email addresses, user names, device serial numbers, MAC addresses, and others.
Also in the exposed data was information about people in Iraq and Afghanistan who had worked with the U.S. military.
The records, which stemmed from the MyTWC mobile app, date as far back as November 2010 - years before Charter bought TWC. However, the available records were dating from both eras.
The leak, which was first discovered by Kromtech Security Center, is an absolutely inexcusable mistake on the part of BroadSoft, Inc.
The breach is believed to have happened from BroadSoft's workers in Bengaluru, India. This is also where people on the case suspect the origin of the leak to be from.
Kromtech's chief communications officer, Bob Diachenko, said that "Hackers continually use leaked or hacked information to commit other tremendous crimes". Due to this incident, cyber attackers would have had numerous opportunities to inflict harm both at the level of enterprise and society. While it's unlikely that multiple BroadSoft customers have anything to worry about, this incident will undermine confidence in the unified comms specialist and make potential suitors wary about potential security breaches that could, in the future, lead to legal action and compensation claims.
Time Warner Cable customers received a private notification before the company published the update. Kromtech said the exposed S3 buckets contained a "massive amount of sensitive information and researchers estimate it would take weeks to fully sort through all of the data".