
Simple Website Flaw Discovered by 18-Year-Old Exposed Personal Data of Millions of Charter Customers

Phillip Dampier, May 20, 2015

A security flaw exposed the personal data of millions of Charter Communications customers nationwide, including payment details, account holders’ names and addresses, and specifics about the equipment used to receive Charter service.

Eric Taylor, 18, discovered the simple website flaw, which could be exploited to expose private account information by modifying a request header with a browser plug-in.

The flaw was similar to one discovered recently in Verizon’s online customer service portal. But Taylor claims Charter’s vulnerabilities exposed “way way way more” private customer information.

Fast Company, which first published the story about the security breach, notified Charter in advance of publishing the story, allowing the company to close the breach within hours before it became widely known.

Charter immediately downplayed the security risks involved.

“The vast majority of Charter customers use a version of the site on which this security vulnerability was not an issue,” a company spokesperson explained, noting the number of customers affected was less than one million. The company is auditing its systems, he said, and has so far “seen no evidence of any password or data hacks.” The exposed data did not include credit card numbers.

Taylor and other security researchers believe the flaw was more serious than Charter was willing to admit.

“In theory, anyone with minor programming skills could code an automated program that scans every Charter IP and returns the customers billing info,” Taylor explained. Because ISPs like Charter distribute Internet services through blocks of IP addresses, an ambitious hacker could have incrementally added the number 1 to the end of a targeted address and seen a different Charter customer’s account details each time.

“Personal information leakage as a result of such a vulnerability opens customers up to being attacked on other services such as email providers, cellular providers, and work-related functions with many untold consequences,” said Hector “Sabu” Monsegur, a former black hat hacker and security consultant.
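The class of flaw described above, seen from the server side, as an added example that is not code from Charter, Fast Company or this article. It assumes the site chose which account to display from an IP address carried in a client-supplied header such as `X-Forwarded-For` (the article does not name the header); the proxy range, addresses and account names are constructed.

```python
import ipaddress

# Assumption: only our own reverse proxies may speak for a client.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # constructed range

# Constructed sample data: subscriber IP -> account record.
ACCOUNTS = {"203.0.113.10": "account-A", "203.0.113.11": "account-B"}


def _is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_naive(peer_addr, headers):
    """Flawed pattern: believe whatever address the request header claims."""
    claimed = headers.get("X-Forwarded-For")
    return claimed.split(",")[0].strip() if claimed else peer_addr


def client_ip_hardened(peer_addr, headers):
    """Use the socket peer; consult the header only when a trusted proxy sent it."""
    if not _is_trusted_proxy(peer_addr):
        return peer_addr  # direct connection: the header is attacker-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    # Walk right to left: entries appended by our proxies are reliable,
    # anything further left was supplied by the client itself.
    for hop in reversed([h for h in hops if h]):
        try:
            if not _is_trusted_proxy(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed hop: fall back to the peer address
    return peer_addr


def account_for(resolver, peer_addr, headers):
    """Look up the account the way an IP-keyed portal would."""
    return ACCOUNTS.get(resolver(peer_addr, headers))
```

An address resolved this way still only identifies a connection, so pages showing billing data should also require an authenticated session.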
