[German]American cable and Internet giant Comcast has been hit by a data leak. An unprotected database of the developers with 1.5 billion data records and a lot of internal information was accessible to third parties via the Internet.
Website Planet's security researchers informed me about the discovery a few hours ago. Their security team already came across the unprotected database of the provider Comcast on December 1, 2020 during a search on the Internet.
Who is Comcast?
Comcast Corporation is the largest cable operator, and the second largest Internet service provider after AT&T, and the third largest telephone company in the United States after AT&T and Verizon Communications. Comcast provides residential and commercial services in 40 U.S. states.
The unprotected database
The non-password protected database contained numerous references to URLs and internal IP addresses of the Comcast web presence (and some subdomains). Records also included dashboard permission information, logging, client IPs, @comcast email addresses, and hashed passwords. The total size of the database was 477.95 GB and contained 1,507,301,521 (1.5 billion) records.
- For example, the IP addresses stored in the database provide an overview of the internal functionality, logging, and overall structure of the network.
- In addition, the server exposed email addresses and hashed passwords of the Comcast development team.
- The database also contained error logs, alerts and job scheduling records that revealed cluster names, device names and many internal rules and tasks marked "Privileged =True."
- Finally, IP addresses, ports, paths and memory information were found that cyber criminals could potentially exploit to penetrate deeper into the network.
- Middleware was also identified in the error logs, which could also be used as a secondary path for malware or other vulnerabilities.
After the security researchers informed Comcast about the open database, they suddenly landed on an internal mailing list where the incident in question was being discussed. Apparently, the team there didn't have things under control, because such mistakes are always embarrassing. At least Comcast noticed and informed the reporting security researcher that he had received the documents in error.
To the credit of Comcast's security team, the security researchers highlight their quick response. As soon as it was clear that the open database belonged to Comcast, a report went out to their Security Defect Reporting Team. In less than an hour, the database was closed to public access and a response from Comcast was already available. Website Planet says that Comcast acted quickly and professionally. Further details may be read here.
