MUMBAI: Weeks after the 'Game of Thrones' episode leaks admitted by an Indian technology company -- a Star India partner, another data leak is being blamed on the India subsidiary of Broadsoft.
Broadsoft India's Bengaluru-based head of support Jatin Shivalaya chose not to comment when Indiantelevision.com sought their version of the story. However, BroadSoft later wrote to Indiantelevision.com from Melbourne (Australia) stating: “BroadSoft was notified that a third-party cloud storage site containing internal BroadSoft documentation and end-user customer data was exposed to public internet. The end-user customer data exposed did not include bank or credit card information or social security numbers. We immediately re-secure d the information. BroadSoft core IT and cloud unified communication infrastructures were not exposed or compromised in this incident."
Charter Communications, which purchased Time Warner Cable renaming it Spectrum, acknowledged last Friday that it discovered a data breach that made the private information of some of its customers available to outsiders. Those affected were Time Warner Cable customers who mainly used the My TWC app, and the company is advising the app users to change passwords, the Hollywood Reporter said.
A Charter representative refused to elaborate, but Gizmodo, a part of Gawker Media having brands such as Deadspin and Lifehacker, which is run in India by Times Internet, says the breach originated in India at BroadSoft, a communications company whose partners included Time Warner Cable.
Gizmodo reported that around four million records from 2010 to 2017 were exposed, though that does not mean that it involved four million individual customers. The breached files, it said, were discovered last week by Kromtech Security while its researchers were investigating an unrelated breach at World Wrestling Entertainment. Kromtech said it downloaded the contents of the publicly accessible BroadSoft data "for verification purposes".
CCTV footage, which was presumably of BroadSoft's workers in Bengaluru, (India), where the breach is believed to have originated, was also discovered on the Amazon bucket. The BroadSoft data, Kromtech said, as improperly configured to allow public access in AWS,
The S3 buckets were accidentally configured to allow public access, potentially allowing anyone with the URL to access and download the sensitive data. It shows that companies are still making rookie mistakes when handling data.
Not all TWC records had data on a unique customer. However, the cache size made it difficult for the researchers to pinpoint the exact number of affected persons. There were also some internal company records like credentials for external systems, internal emails, and SQL database dumps.
BroadSoft later told Gizmodo that it locked down its Amazon data (Charter says it was taken down) and has not seen evidence that intruders accessed the information.