(Reuters) – More than four million records of users of Time Warner Cable’s MyTWC app were found unsecured on an Amazon server last month, digital security research center Kromtech Security Center said in a blog post on Friday.
The files — more than 600 gigabytes in size containing sensitive information such as transaction ID, user names, Mac addresses, serial numbers, account numbers — were discovered on Aug. 24 without a password by researchers of Kromtech.
“A vendor has notified us that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter Communications Inc (CHTR.O), Time Warner Cable’s parent, said in an email.
The information was removed immediately after the discovery and the incident is being investigated, Charter said.
The breach was eventually linked to BroadSoft Inc (BSFT.O), a communications company, whose unit developed the MyTWC app.
Broadsoft did not immediately respond to a request for comment.
Reporting by Laharee Chatterjee and Arjun Panchadar in Bengaluru; Editing by Shounak Dasgupta and Sriraj Kalluvila