About 4 million personal records of Time Warner Cable customers have been exposed for having been stored in an Amazon server with no password.
"Upon discovery, the information was removed immediately by the vendor, and we are now investigating this incident with them", it said in a statement to Gizmodo. The breach was eventually linked to BroadSoft, a communications company, whose unit developed the MyTWC app. Broadsoft did not immediately respond to a request for comment.
The data "was configured to allow public access and exposed extremely sensitive data" such as usernames, email addresses, credentials and in some cases billing addresses and phone numbers. However, the cache size made it hard for the researchers to pinpoint the exact number of affected persons.
"Protecting customer privacy is of the utmost importance to us", the firm said.
Charter Communications bought Time Warner Cable past year and changed the name to Spectrum.
It added: "The situation is rectified, and we have initiated steps to inform the individuals affected by this breach".
TWC, which was acquired by Charter Communications previous year and is now called Spectrum, said the data related to users of the MyTWC mobile application used to remotely manage accounts, which was developed by BroadSoft.
It has advised MyTWC users to change their user names and passwords. There were also some internal company records like credentials for external systems, internal emails, and SQL database dumps. "We apologize for the frustration and anxiety this causes, and will communicate directly to customers if their information was involved in this incident".
More than 600 gigabytes of files left unsecured on an Amazon server by third-party communications company BroadSoft were leaked last month.
Correction, 12:30pm: In a previous version of this article the headline identified people affected by this breach as "Time Warner" customers. "The two repositories contained thousands and thousands [of] records and reports for a number of Broadsoft clients, with Time Warner Cable appearing to be the most prominent", Kromtech's Bob Diachenko blogged.